Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change content_hash to use sha256 #672

Open
fkusei opened this issue Sep 22, 2021 · 0 comments
Open

Change content_hash to use sha256 #672

fkusei opened this issue Sep 22, 2021 · 0 comments
Milestone
5.0.0

Comments

@fkusei
Copy link
Contributor

fkusei commented Sep 22, 2021

In #670, the attribute content_hash was added to the list of usable item attributes. Previously, that was only used for checking for differences between locally generated files and those deployed on a node.

Since we're now using that hash to also verify downloaded content, we probably should use sha256 for content_hash, since that's (currently) not susceptible to hash collision attacks.

(Since that's a breaking change, we should add this to the 5.0.0 milestone)
@trehn trehn added this to the 5.0.0 milestone Sep 22, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
5.0.0
Development

No branches or pull requests
2 participants
@trehn @fkusei