You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hbase.apache.org by ashutosh jindal <as...@huawei.com> on 2015/02/18 08:57:40 UTC
Suggestion for using SHA-512 instead of MD5
Hi All,
I have seen that in hbase MD5 is used to generate hash e.g. to create region name . In deployments MD5 is not considered good because of security issues related to it. Can we use SHA-512 or make it configurable . Please give your views.
Regards,
Ashutosh Jindal
Re: Suggestion for using SHA-512 instead of MD5
Posted by Andrew Purtell <ap...@apache.org>.
We simply use MD5 to get a hash where collision probability is very small.
There's no security implication, we don't use MD5 here to protect anything
in a cryptographic sense. In fact we could probably use a faster algorithm
with weaker collision properties for this, but MD5 is ok.
On Tue, Feb 17, 2015 at 11:57 PM, ashutosh jindal <
ashutosh.jindal@huawei.com> wrote:
> Hi All,
>
> I have seen that in hbase MD5 is used to generate hash e.g. to create
> region name . In deployments MD5 is not considered good because of security
> issues related to it. Can we use SHA-512 or make it configurable . Please
> give your views.
>
> Regards,
> Ashutosh Jindal
>
>
--
Best regards,
- Andy
Problems worthy of attack prove their worth by hitting back. - Piet Hein
(via Tom White)
Re: Suggestion for using SHA-512 instead of MD5
Posted by Andrew Purtell <ap...@apache.org>.
We simply use MD5 to get a hash where collision probability is very small.
There's no security implication, we don't use MD5 here to protect anything
in a cryptographic sense. In fact we could probably use a faster algorithm
with weaker collision properties for this, but MD5 is ok.
On Tue, Feb 17, 2015 at 11:57 PM, ashutosh jindal <
ashutosh.jindal@huawei.com> wrote:
> Hi All,
>
> I have seen that in hbase MD5 is used to generate hash e.g. to create
> region name . In deployments MD5 is not considered good because of security
> issues related to it. Can we use SHA-512 or make it configurable . Please
> give your views.
>
> Regards,
> Ashutosh Jindal
>
>
--
Best regards,
- Andy
Problems worthy of attack prove their worth by hitting back. - Piet Hein
(via Tom White)
Re: Suggestion for using SHA-512 instead of MD5
Posted by Matteo Bertozzi <th...@gmail.com>.
do we really need that? also did you think about the impact of the size
difference between md5 and sha512 on META?
skipping the md5 math for a sec...
encoded region names are md5(<tableName>,<startKey>,<regionIdTimeStamp>)
so, even if we have a collision we can just increase the timestamp and
retry (the user only controls the startKey)
Matteo
On Wed, Feb 18, 2015 at 8:57 AM, ashutosh jindal <ashutosh.jindal@huawei.com
> wrote:
> Hi All,
>
> I have seen that in hbase MD5 is used to generate hash e.g. to create
> region name . In deployments MD5 is not considered good because of security
> issues related to it. Can we use SHA-512 or make it configurable . Please
> give your views.
>
> Regards,
> Ashutosh Jindal
>
>