Title: Message Title
|
|
Issue Type:
|
Improvement
|
Affects Versions:
|
5.0
|
Assignee:
|
Unassigned
|
Created:
|
06/Mar/14 12:59 PM
|
Priority:
|
Minor
|
Reporter:
|
Christian Scheible
|
|
As is known MD5 is vulnerable against collision attacks. So the checksum calculation should be replaced by a more reliable hash function like SHA-2. Affected classes from dspace-api are: 1. org.dspace.checker.BitstreamInfoDAO: 2 SQL INSERT Strings (INSERT_MISSING_CHECKSUM_BITSTREAMS and INSERT_MISSING_CHECKSUM_BITSTREAMS_ORACLE). They add MD5 to the query if no checksum algorithm is stored for a bitstream. 2. org.dspace.checker.CheckerCommand: Compares calculated checksums with the currently saved files. If no checksum algorithm is stored in BiststreamInfo it uses MD5. 3. org.dspace.BitstreamStorageManager: During reigister/store a MD5 hash is calculated and stored in the DB. Maybe it is possible to add a config option like checksum.algorithm
|
|
|
|
|
|
------------------------------------------------------------------------------
Subversion Kills Productivity. Get off Subversion & Make the Move to Perforce.
With Perforce, you get hassle-free workflows. Merge that actually works.
Faster operations. Version large binaries. Built-in WAN optimization and the
freedom to use Git, Perforce or both. Make the move to Perforce.
http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk
_______________________________________________
Dspace-devel mailing list
Dspace-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-devel