[ https://issues.apache.org/jira/browse/AVRO-4016?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17864925#comment-17864925 ]
ASF subversion and git services commented on AVRO-4016: ------------------------------------------------------- Commit 25d86840557e7b2e33c78d425131e5c19693e461 in avro's branch refs/heads/main from Oscar Westra van Holthe - Kind [ https://gitbox.apache.org/repos/asf?p=avro.git;h=25d868405 ] AVRO-4016: Use SecureRandom for file sync markers (#3016) > Remove the use of MD5 in org.apache.avro.file.DataFileWriter#generateSync > ------------------------------------------------------------------------- > > Key: AVRO-4016 > URL: https://issues.apache.org/jira/browse/AVRO-4016 > Project: Apache Avro > Issue Type: Improvement > Components: java > Affects Versions: 1.11.3 > Reporter: Oscar Westra van Holthe - Kind > Assignee: Oscar Westra van Holthe - Kind > Priority: Major > Labels: pull-request-available > Fix For: 1.12.0 > > Time Spent: 20m > Remaining Estimate: 0h > > In the chat, someone mentioned using a FIPS environment, which disallows the > use of insecure cryptographic hash functions, like MD5. > The {{DataFileWriter}} class uses an MD5 hash of a random UUID and a > timestamp to generate what's essentially 16 random bytes. > This can more easily be done with {{{}SecureRandom{}}}. -- This message was sent by Atlassian Jira (v8.20.10#820010)