Replace _deprecated suffix on md5 functions with something more accurate like _noncrypto

XMLWordPrintableJSON

    • Type: Task
    • Resolution: Unresolved
    • Priority: Major - P3
    • None
    • Affects Version/s: None
    • Component/s: None
    • None
    • Server Security
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      SERVER-111288 added the _deprecated suffix and [[deprecated]] attributes to every md5 function. That appears to have been with the intent that we could actually get rid of md5 support completely at some point. However I don't think that is likely. We have non-cryptographic usages of md5 baked in to a few of our commands (such as filemd5 and dbhash) and index formats (FTSv3). These need "strong" hashes with a very high probability of generating unique output from different inputs. They do not need a cryptographically-secure hash, and would likely be fine with crc32c, although they may benefit from the additional hash bits.

      Given that we will not be getting rid of md5 support in the server codebase, and there is no better replacement for those functions for usecases that need md5, I think the "deprecated" term is incorrect. I would suggest changing to something like md5_foo_noncrypto or the intentionally obnoxious md5_foo_not_for_cryptographic_usage.

            Assignee:
            Adam Rayner
            Reporter:
            Mathias Stearn
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: