jackrabbit-oak-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Thomas Mueller (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (OAK-209) BlobStore: use SHA-256 instead of SHA-1, and use two directory levels for FileBlobStore
Date Thu, 02 Aug 2012 15:36:02 GMT

     [ https://issues.apache.org/jira/browse/OAK-209?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Thomas Mueller resolved OAK-209.

    Resolution: Fixed

Revision 1368520 and revision 1368542.

Some additional changes are included as some of the tests had to be changed in order to use
SHA-256. Also I documented and changed the internal BlobStore interface a bit.
> BlobStore: use SHA-256 instead of SHA-1, and use two directory levels for FileBlobStore
> ---------------------------------------------------------------------------------------
>                 Key: OAK-209
>                 URL: https://issues.apache.org/jira/browse/OAK-209
>             Project: Jackrabbit Oak
>          Issue Type: Bug
>          Components: mk
>            Reporter: Thomas Mueller
>            Assignee: Thomas Mueller
>            Priority: Minor
> Currently we use SHA-1 as the hash algorithm for the blob store (same as with Jackrabbit
2.x). I think it makes sense if we use SHA-256 instead:
> Advantages:
> - SHA-1 is considered "broken" by some experts:
>   http://www.schneier.com/blog/archives/2005/02/sha1_broken.html
> - SHA-256 belongs to the SHA-2 family, which is recommended by NIST
>   for new applications:
>   http://csrc.nist.gov/groups/ST/toolkit/secure_hashing.html
> Disadvantages:
> - Longer file name
> - Longer content hash
> - Not compatible with Jackrabbit 2.x
> For the FileBlobStore, the current implementation uses only one directory level while
Jackrabbit 2.x uses 3 levels. I think we should use two levels for Oak, to avoid too many
files in the same directory.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


View raw message