[jira] [Created] (AVRO-4016) Remove the use of MD5 in org.apache.avro.file.DataFileWriter#generateSync

Oscar Westra van Holthe - Kind (Jira) Tue, 09 Jul 2024 14:53:05 -0700

Oscar Westra van Holthe - Kind created AVRO-4016:
----------------------------------------------------


             Summary: Remove the use of MD5 in 
org.apache.avro.file.DataFileWriter#generateSync
                 Key: AVRO-4016
                 URL: https://issues.apache.org/jira/browse/AVRO-4016
             Project: Apache Avro
          Issue Type: Improvement
          Components: java
    Affects Versions: 1.11.3
            Reporter: Oscar Westra van Holthe - Kind
            Assignee: Oscar Westra van Holthe - Kind
             Fix For: 1.12.0


In the chat, someone mentioned using a FIPS environment, which disallows the 
use of insecure cryptographic hash functions, like MD5.

The {{DataFileWriter}} class uses an MD5 hash of a random UUID and a timestamp 
to generate what's essentially 16 random bytes.

This can more easily be done with {{{}SecureRandom{}}}.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (AVRO-4016) Remove the use of MD5 in org.apache.avro.file.DataFileWriter#generateSync

Reply via email to