Reloader icon indicating copy to clipboard operation
Reloader copied to clipboard

Published 20 hours ago verified publisher icon stakater

Moving Away from SHA1 to SHA512 (Security)

Open shantanubansal opened this issue 2 years ago • 19 comments

shantanubansal avatar Sep 13 '23 08:09 shantanubansal

@stakater-user @faizanahmad055 Can you please review this?

shantanubansal avatar Sep 13 '23 08:09 shantanubansal

@shantanubansal Yikes! You better fix it before anyone else finds out! Build has Failed!

github-actions[bot] avatar Sep 13 '23 08:09 github-actions[bot]

@shantanubansal Yikes! You better fix it before anyone else finds out! Build has Failed!

github-actions[bot] avatar Sep 14 '23 16:09 github-actions[bot]

@shantanubansal Image is available for testing. docker pull ghcr.io/stakater/reloader:SNAPSHOT-PR-527-91e5ad5a

github-actions[bot] avatar Sep 14 '23 16:09 github-actions[bot]

@shantanubansal Image is available for testing. docker pull ghcr.io/stakater/reloader:SNAPSHOT-PR-527-f40824d9

github-actions[bot] avatar Sep 14 '23 16:09 github-actions[bot]

@karl-johan-grahn Can you please approve this PR?

shantanubansal avatar Sep 14 '23 17:09 shantanubansal

@waseem-h @ahmedwaleedmalik @stakater-user @faizanahmad055 @karl-johan-grahn Can anyone of you please approve or review the PR?

shantanubansal avatar Sep 15 '23 05:09 shantanubansal

/lgtm

ravi-k8 avatar Sep 15 '23 05:09 ravi-k8

@shantanubansal please refrain from tagging individuals directly. I'm no longer working on this project.

ahmedwaleedmalik avatar Sep 15 '23 08:09 ahmedwaleedmalik

@shantanubansal Thank you for the PR, Can you please pull the upstream changes from the master and I can then review it? Also, at this point, I am unsure of the performance impact. We used SHA1 because it was efficient as the only purpose was to identify the objects. I am leaning towards making it configurable from a list of hashing algorithms. What do you think @MuneebAijaz ?

faizanahmad055 avatar Sep 20 '23 09:09 faizanahmad055

@faizanahmad055 I feel we can make it configurable, if we can have a go-boring compatibility that will be awesome. But Can you please elaborate whats the performance impact? If comparison is an issue can we use subtle.ConstantTimeCompare for string match? It will highly optimize the string comparison.

shantanubansal avatar Sep 20 '23 10:09 shantanubansal

@shantanubansal Image is available for testing. docker pull ghcr.io/stakater/reloader:SNAPSHOT-PR-527-2ec1fafa

github-actions[bot] avatar Sep 20 '23 10:09 github-actions[bot]

@shantanubansal Image is available for testing. docker pull ghcr.io/stakater/reloader:SNAPSHOT-PR-527-79eb1871

github-actions[bot] avatar Sep 21 '23 02:09 github-actions[bot]

@faizanahmad055 I feel we can make it configurable, if we can have a go-boring compatibility that will be awesome. But Can you please elaborate whats the performance impact?

It can hit computationally harder to calculate and compare the hash specially when there is going to be too much load. I think making it an optional and choosing from the list of algorithms with default of SHA1 would be the way to go.

faizanahmad055 avatar Sep 22 '23 06:09 faizanahmad055

@karl-johan-grahn Images are available for testing. docker pull ghcr.io/stakater/reloader:SNAPSHOT-PR-527-e8b409b2\ndocker pull ghcr.io/stakater/reloader:SNAPSHOT-PR-527-UBI-e8b409b2

github-actions[bot] avatar Nov 22 '23 09:11 github-actions[bot]

@karl-johan-grahn Images are available for testing. docker pull ghcr.io/stakater/reloader:SNAPSHOT-PR-527-70b58a43\ndocker pull ghcr.io/stakater/reloader:SNAPSHOT-PR-527-UBI-70b58a43

github-actions[bot] avatar Dec 06 '23 09:12 github-actions[bot]

@shantanubansal can we cater the feedback @faizanahmad055 has suggested above so this can be merged?

MuneebAijaz avatar Dec 13 '23 09:12 MuneebAijaz

Any chance this PR can be looked at by a dev team member?

IdanAdar avatar Dec 26 '23 10:12 IdanAdar