couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Besogonov <alex.besogo...@gmail.com>
Subject Why MD5 is used for hashes, also about non-deterministic IDs.
Date Mon, 14 Nov 2011 18:52:47 GMT
I'm looking at CouchDB source code and I have several questions:

1) Why MD5 is used instead of more secure hashes. It's very real to
imagine a situation where a malicious user can cause hash collision
and cause problems in replication.

2) ID is not completely deterministic - it depends on
compression_level and compressible_types settings for attachments.
Would it make sense to use MD5 of the original uncompressed document?
And while you're at it, it probably makes sense to include file size
in Atts2 tuple.

Mime
View raw message