You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@bookkeeper.apache.org by GitBox <gi...@apache.org> on 2022/02/18 01:08:29 UTC

[GitHub] [bookkeeper] dlg99 commented on issue #3057: [SECURITY] Weak security algorithm used by MacDigestManager

dlg99 commented on issue #3057:
URL: https://github.com/apache/bookkeeper/issues/3057#issuecomment-1043696249


   DigestManager isn't used for the security but for the checksum/checksum validation.
   
   CRC32 should be the default: https://github.com/apache/bookkeeper/blob/7018d2fff35de96a90a1008366e38580e448fb84/conf/bk_server.conf#L883-L884 and https://github.com/apache/bookkeeper/blob/7018d2fff35de96a90a1008366e38580e448fb84/bookkeeper-server/src/main/java/org/apache/bookkeeper/conf/ClientConfiguration.java#L276-L284
   
   CRC32c is recommended for performance.
   
   If you have use case for some other checksuming algorithm you can add it by extending DigestManager class and use configuration to set it.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@bookkeeper.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org