[
https://issues.apache.org/jira/browse/GROOVY-11459?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17880845#comment-17880845
]
ASF GitHub Bot commented on GROOVY-11459:
-----------------------------------------
paulk-asert commented on PR #2112:
URL: https://github.com/apache/groovy/pull/2112#issuecomment-2342566747
Thanks for your contributions to this topic. I did a little bit more
performance testing and think this topic deserves more discussion. I'll add
some results into the corresponding Jira issue and create an email on the dev
list shortly. We'll likely make some changes similar to what you are suggesting
but some assumptions about algorithm speed weren't as I expected.
> weak hashing algorithm (使用弱哈希算法)
> --------------------------------
>
> Key: GROOVY-11459
> URL: https://issues.apache.org/jira/browse/GROOVY-11459
> Project: Groovy
> Issue Type: Bug
> Affects Versions: 4.0.22
> Reporter: wellchang
> Assignee: Paul King
> Priority: Major
>
> 通过iast扫描发现groovy中使用了md5来生成缓存键名,路径为groovy.lang.GroovyClassLoader.getSourceCacheKey
> 建议使用常见的安全的哈希算法,如SHA-256,SHA-384,SHA-512等
> Google Translate gives:
> Through iast scanning, it was found that md5 is used in groovy to generate
> the cache key name, and the path is
> groovy.lang.GroovyClassLoader.getSourceCacheKey
> It is recommended to use common secure hash algorithms, such as SHA-256,
> SHA-384, SHA-512, etc.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
