[jira] [Updated] (GROOVY-11515) configurable hashing algorithm

[Paul King (Jira)]

     [ 
https://issues.apache.org/jira/browse/GROOVY-11515?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Paul King updated GROOVY-11515:
-------------------------------
    Description: 
通过iast扫描发现groovy中使用了md5来生成缓存键名，路径为groovy.lang.GroovyClassLoader.getSourceCacheKey

建议使用常见的安全的哈希算法，如SHA-256,SHA-384,SHA-512等

Google Translate gives:
Through iast scanning, it was found that md5 is used in groovy to generate the 
cache key name, and the path is groovy.lang.GroovyClassLoader.getSourceCacheKey

It is recommended to use common secure hash algorithms, such as SHA-256, 
SHA-384, SHA-512, etc.

In GROOVY-11459, it was made possible to configure the hashing algorithm. This 
issue is to explore whether there is a significant performance degradation 
making SHA256 the default. Initial tests, albeit on a small sample size, 
indicates no. We need to do further testing though. The default would only be 
changed for Groovy 5+.

  was:
通过iast扫描发现groovy中使用了md5来生成缓存键名，路径为groovy.lang.GroovyClassLoader.getSourceCacheKey

建议使用常见的安全的哈希算法，如SHA-256,SHA-384,SHA-512等

Google Translate gives:
Through iast scanning, it was found that md5 is used in groovy to generate the 
cache key name, and the path is groovy.lang.GroovyClassLoader.getSourceCacheKey

It is recommended to use common secure hash algorithms, such as SHA-256, 
SHA-384, SHA-512, etc.

In GROOVY-11459, it was made possible


> configurable hashing algorithm
> ------------------------------
>
>                 Key: GROOVY-11515
>                 URL: https://issues.apache.org/jira/browse/GROOVY-11515
>             Project: Groovy
>          Issue Type: Bug
>    Affects Versions: 4.0.22
>            Reporter: wellchang
>            Assignee: Paul King
>            Priority: Major
>             Fix For: 5.x
>
>
> 通过iast扫描发现groovy中使用了md5来生成缓存键名，路径为groovy.lang.GroovyClassLoader.getSourceCacheKey
> 建议使用常见的安全的哈希算法，如SHA-256,SHA-384,SHA-512等
> Google Translate gives:
> Through iast scanning, it was found that md5 is used in groovy to generate 
> the cache key name, and the path is 
> groovy.lang.GroovyClassLoader.getSourceCacheKey
> It is recommended to use common secure hash algorithms, such as SHA-256, 
> SHA-384, SHA-512, etc.
> In GROOVY-11459, it was made possible to configure the hashing algorithm. 
> This issue is to explore whether there is a significant performance 
> degradation making SHA256 the default. Initial tests, albeit on a small 
> sample size, indicates no. We need to do further testing though. The default 
> would only be changed for Groovy 5+.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)