Not sure I understand the motivation to use a FIPS-compliant hash function for log compaction -- what are the security ramifications?
On Fri, Jul 22, 2016 at 2:56 PM Luciano Afranllie <listas.luaf...@gmail.com> wrote: > A little bit of background first. > > We are trying to make a deployment of Kafka that is FIPS 140-2 ( > https://en.wikipedia.org/wiki/FIPS_140-2) complaint and one of the > requirements is not to use MD5. > > As far as we could see, Kafka is using MD5 only to hash message keys in a > offset map (SkimpyOffsetMap) used by the log cleaner. So, we are planning > to change the hash algorithm to something allowed by FIPS. > > With this in mind we are thinking that it would be great if we can add a > config property LogCleanerHashAlgorithmProp = "log.cleaner.hash.algorithm" > with a default value equal to "MD5" and use it in the constructor > of CleanerConfig. In that case in future versions of Kafka we can just > change the value of this property. > > Please let me know if you are Ok with this change. > It is enough to create a pull request for this? Should I create a Jira > first? > > Regards > Luciano > > On Fri, Jul 22, 2016 at 5:58 PM, Luciano Afranllie < > listas.luaf...@gmail.com > > wrote: > > > Hi > > > > We are evaluating to change the hash algorithm used by the > SkimpyOffsetMap > > used by the LogCleaner from MD5 to SHA-1. > > > > Besides the impact in performance (more memory, more cpu usage) is there > > anything that may be impacted? > > > > Regards > > Luciano > > >
