AlbericByte commented on code in PR #16757: URL: https://github.com/apache/druid/pull/16757#discussion_r1694520966
########## server/src/main/java/org/apache/druid/client/cache/MemcachedCache.java: ########## @@ -641,14 +641,14 @@ public void close() public static final int MAX_PREFIX_LENGTH = MemcachedClientIF.MAX_KEY_LENGTH - - 40 // length of namespace hash - - 40 // length of key hash + - 64 // length of namespace hash + - 64 // length of key hash - 2; // length of separators private static String computeKeyHash(String memcachedPrefix, NamedKey key) { // hash keys to keep things under 250 characters for memcached - return memcachedPrefix + ":" + DigestUtils.sha1Hex(key.namespace) + ":" + DigestUtils.sha1Hex(key.key); + return memcachedPrefix + ":" + DigestUtils.sha256Hex(key.namespace) + ":" + DigestUtils.sha256Hex(key.key); Review Comment: @cryptoe cc: @FrankChen021 I will deploy and verify it, seems Tiger-192 is risky from GitHub security bot. should we go SHA-256 or continue Tiger-192. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@druid.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@druid.apache.org For additional commands, e-mail: commits-h...@druid.apache.org