vj4 icon indicating copy to clipboard operation
vj4 copied to clipboard

Published 20 hours ago verified publisher icon vijos

Use SHA2 instead of MD5

Open breezewish opened this issue 7 years ago • 3 comments

Currently we are using MD5 to store files, which is VERY insecure since a MD5 collision can be generated in minutes on personal PC even several years ago.

Since SHA1 is also considered insecure these years, we need to migrate to SHA2, for example SHA256.

Upgrade to existing data is required.

breezewish avatar Aug 11 '17 14:08 breezewish

@mongodb

twd2 avatar Aug 11 '17 14:08 twd2

@twd2 MongoDB's MD5 is not intended to be used to deduplicate as what we are doing now. It is a checksum for file system integrity only, for detecting data corruption.

Ref:

https://docs.mongodb.com/manual/reference/glossary/#term-checksum https://docs.mongodb.com/manual/reference/glossary/#term-md5

breezewish avatar Aug 11 '17 14:08 breezewish

Updating users' data will be a big project...

ksyx avatar Aug 15 '17 10:08 ksyx