From: Michael McCandless
To: java-dev@lucene.apache.org
Subject: Re: FIPS compliance?
Date: Tue, 10 Mar 2009 16:43:17 -0400

Interesting...

I wonder if in any java runtime there's ever a "rejection" of a known-insecure crypto digest alg. I don't think that's come up on java-user/dev that I've seen.

But it's certainly possible, but it should be rare because we now simply default to "write.lock" in the index directory (getLockID is only used if you override the LockFactory).

Really we want a digest that doesn't need to be secure, here, but I don't think Java APIs differentiate. (We don't care if someone can reverse the mapping of lock ID --> directory name; we simply want low risk of collision).

Do .NET APIs offer a "give me a digest and it doesn't have to be secure"? If so that's probably the best solution.

That said... we could change this to SHA-1, to be safe, but then in another few years we'd probably be having this discussion again when SHA-1 is fully cracked ;)

I don't think there's a back-compat issue since it's used only for the naming of the lock file, which is transient.

Mike

Deniz@ttnet wrote:

> Hi All,
>
> There is a discussion about FIPS compliance (using MD5 Hash algorithm
> in FSDirectory) in Lucene.Net.
>
> http://mail-archives.apache.org/mod_mbox/incubator-lucene-net-user/200903.mbox/%3c006101c99f4e$7bdd3590$7397a0b0$@rendelmann@gmx.net%3e
> https://issues.apache.org/jira/browse/LUCENENET-175
>
> In fact, if the system wide policy
> (HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy) is set,
> then trying to use MD5 (which is not FIPS compliant) to compute the
> hash causes an exception.
>
> So, is a change in Lucene possible to use SHA1 in computing hash for
> FIPS compliance (I can see the backward compatibility problems)
> Or
> is this problem specific to Lucene.Net?
>
> What do you think?
>
> DIGY
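
The following Java example is added here for illustration and is not Lucene's or Lucene.Net's code, nor part of the message above. It derives a lock-file name from a directory path using whichever digest the runtime's security providers will supply, so a JVM that refuses MD5 still gets a usable name. The class and helper names, the `lucene-<hex>-write.lock` name format and the sample path are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Added example, not Lucene's code. The "lucene-<hex>-write.lock" naming and
// the sample path are assumptions made for illustration.
public class LockIdDemo {

    // Return the first digest this JVM's security providers will hand out.
    // A runtime restricted to FIPS-approved algorithms may have no MD5
    // provider, in which case getInstance throws NoSuchAlgorithmException.
    static MessageDigest firstAvailable(String... algorithms) {
        for (String alg : algorithms) {
            try {
                return MessageDigest.getInstance(alg);
            } catch (NoSuchAlgorithmException e) {
                // Not offered here; try the next candidate.
            }
        }
        throw new IllegalStateException("no usable digest among candidates");
    }

    // Map a directory path to a lock-file name. The digest is only a
    // compression function: the goal is a low chance of two directories
    // colliding, not secrecy of the path.
    static String lockId(String canonicalDirPath, MessageDigest md) {
        byte[] hash = md.digest(canonicalDirPath.getBytes(StandardCharsets.UTF_8));
        StringBuilder sb = new StringBuilder("lucene-");
        for (byte b : hash) {
            sb.append(String.format("%02x", b));
        }
        return sb.append("-write.lock").toString();
    }

    public static void main(String[] args) {
        String dir = "/var/data/index"; // constructed sample path
        // Every process sharing the directory must end up on the same
        // algorithm, otherwise they derive different lock names.
        MessageDigest md = firstAvailable("MD5", "SHA-1");
        System.out.println(md.getAlgorithm() + " -> " + lockId(dir, md));
    }
}
```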