[
https://issues.apache.org/jira/browse/AVRO-4016?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17864925#comment-17864925
]
ASF subversion and git services commented on AVRO-4016:
-------------------------------------------------------
Commit 25d86840557e7b2e33c78d425131e5c19693e461 in avro's branch
refs/heads/main from Oscar Westra van Holthe - Kind
[ https://gitbox.apache.org/repos/asf?p=avro.git;h=25d868405 ]
AVRO-4016: Use SecureRandom for file sync markers (#3016)
> Remove the use of MD5 in org.apache.avro.file.DataFileWriter#generateSync
> -------------------------------------------------------------------------
>
> Key: AVRO-4016
> URL: https://issues.apache.org/jira/browse/AVRO-4016
> Project: Apache Avro
> Issue Type: Improvement
> Components: java
> Affects Versions: 1.11.3
> Reporter: Oscar Westra van Holthe - Kind
> Assignee: Oscar Westra van Holthe - Kind
> Priority: Major
> Labels: pull-request-available
> Fix For: 1.12.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> In the chat, someone mentioned using a FIPS environment, which disallows the
> use of insecure cryptographic hash functions, like MD5.
> The {{DataFileWriter}} class uses an MD5 hash of a random UUID and a
> timestamp to generate what's essentially 16 random bytes.
> This can more easily be done with {{{}SecureRandom{}}}.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
