[jira] Commented: (LUCENENET-175) Add FIPS compliance to lucene.net

Tue, 10 Mar 2009 13:03:24 -0700 

    [ 
https://issues.apache.org/jira/browse/LUCENENET-175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12680597#action_12680597
 ] 

Torsten Rendelmann commented on LUCENENET-175:
----------------------------------------------

Sure: "COMPLIANT" is the correct name. 

Another option would be to add a global (static?) configuration option to set 
FIPS compliance (default: false, JAVA compat.) by code. So no one have to 
recompile for the specific feature. But for that I did not know the code base 
enough to suggest how to proceed.

> Add FIPS compliance to lucene.net
> ---------------------------------
>
>                 Key: LUCENENET-175
>                 URL: https://issues.apache.org/jira/browse/LUCENENET-175
>             Project: Lucene.Net
>          Issue Type: Improvement
>         Environment: CLR 2.0; DOT.NET
>            Reporter: Torsten Rendelmann
>         Attachments: FIPS_COMLIANCE.patch
>
>   Original Estimate: 0.25h
>  Remaining Estimate: 0.25h
>
> The FSDirectory.cs is the only place it have to be modified to apply FIPS 
> compliance.
> I think, changing to use a FIPS compliant algorithm in general for the NET 
> port of lucene to calc the lock
> file name is "safe" (mean: java-compat.) - the only case where I can see the
> may have to use the same algorithm is if a java-lucene impl. access the
> index with a writer at the same time as lucene.net - that would be rarely
> the case: writing to the same index is only allowed by one writer.
> First change required was to switch 
> private static System.Security.Cryptography.MD5 DIGESTER; to
> private static readonly System.Security.Cryptography.HashAlgorithm DIGESTER;
> Last change is this:
> #if FIPS_COMLIANT
>                                       // use a FIPS compliant algorithm (see 
> also 
> http://blog.aggregatedintelligence.com/2007/10/fips-validated-cryptographic-algorithms.html
>  )
>                                       DIGESTER = 
> System.Security.Cryptography.SHA1.Create();
> #else
>                                       // use the java compatible hash 
> algorithm:
>                                       DIGESTER = 
> System.Security.Cryptography.MD5.Create();
> #endif
> I will attach the .patch to.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to