git.net

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: MD5 in the read path


They also don't matter for digests, as long as we're assuming all nodes in
the cluster are non-malicious (which is a pretty reasonable and probably
necessary assumption).  Or at least, deliberate collisions don't.
Accidental collisions do, but 128 bits is sufficient to make that
sufficiently unlikely (as in, chances are nobody will ever see a single
collision)

On Wed, Sep 26, 2018 at 7:58 PM Brandon Williams <driftx@xxxxxxxxx> wrote:

> Collisions don't matter in the partitioner.
>
> On Wed, Sep 26, 2018, 6:53 PM Anirudh Kubatoor <anirudh.kubatoor@xxxxxxxxx
> >
> wrote:
>
> > Isn't MD5 broken from a security standpoint? From wikipedia
> > *"One basic requirement of any cryptographic hash function is that it
> > should be computationally infeasible
> > <
> >
> https://en.wikipedia.org/wiki/Computational_complexity_theory#Intractability
> > >
> > to
> > find two non-identical messages which hash to the same value. MD5 fails
> > this requirement catastrophically; such collisions
> > <https://en.wikipedia.org/wiki/Collision_resistance> can be found in
> > seconds on an ordinary home computer"*
> >
> > Regards,
> > Anirudh
> >
> > On Wed, Sep 26, 2018 at 7:14 PM Jeff Jirsa <jjirsa@xxxxxxxxx> wrote:
> >
> > > In some installations, it's used for hashing the partition key to find
> > the
> > > host ( RandomPartitioner )
> > > It's used for prepared statement IDs
> > > It's used for hashing the data for reads to know if the data matches on
> > all
> > > different replicas.
> > >
> > > We don't use CRC because conflicts would be really bad. There's
> probably
> > > something in the middle that's slightly faster than md5 without the
> > > drawbacks of crc32
> > >
> > >
> > > On Wed, Sep 26, 2018 at 3:47 PM Tyagi, Preetika <
> > preetika.tyagi@xxxxxxxxx>
> > > wrote:
> > >
> > > > Hi all,
> > > >
> > > > I have a question about MD5 being used in the read path in Cassandra.
> > > > I wanted to understand what exactly it is being used for and why not
> > > > something like CRC is used which is less complex in comparison to
> MD5.
> > > >
> > > > Thanks,
> > > > Preetika
> > > >
> > > >
> > >
> >
>