lucenenet-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "George Aroush (JIRA)" <j...@apache.org>
Subject [jira] Commented: (LUCENENET-175) Add FIPS compliance to lucene.net
Date Thu, 19 Mar 2009 01:43:50 GMT

    [ https://issues.apache.org/jira/browse/LUCENENET-175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12683278#action_12683278
] 

George Aroush commented on LUCENENET-175:
-----------------------------------------

A solution using an API, with the default being Java compliant is much better then conational
compilation.  The API must be in the SupportClass namespace (and in the file SupportClass.cs)
to make it clear this is Lucene.Net specific support.  The API must clearly document that
setting it will break backward compatibility with Java Lucene index.  This is currently missing
(as a form of comment) from the patch.

Also, I'm thinking we need a new README-Lucene.Net.txt file (or some other file name) in \trunk\C#\
to highlight Lucene.Net specific stuff like this one as well as #ziplib.

-- George

> Add FIPS compliance to lucene.net
> ---------------------------------
>
>                 Key: LUCENENET-175
>                 URL: https://issues.apache.org/jira/browse/LUCENENET-175
>             Project: Lucene.Net
>          Issue Type: Improvement
>         Environment: CLR 2.0; DOT.NET
>            Reporter: Torsten Rendelmann
>         Attachments: FIPS_COMLIANCE.patch
>
>   Original Estimate: 0.25h
>  Remaining Estimate: 0.25h
>
> The FSDirectory.cs is the only place it have to be modified to apply FIPS compliance.
> I think, changing to use a FIPS compliant algorithm in general for the NET port of lucene
to calc the lock
> file name is "safe" (mean: java-compat.) - the only case where I can see the
> may have to use the same algorithm is if a java-lucene impl. access the
> index with a writer at the same time as lucene.net - that would be rarely
> the case: writing to the same index is only allowed by one writer.
> First change required was to switch 
> private static System.Security.Cryptography.MD5 DIGESTER; to
> private static readonly System.Security.Cryptography.HashAlgorithm DIGESTER;
> Last change is this:
> #if FIPS_COMLIANT
> 					// use a FIPS compliant algorithm (see also http://blog.aggregatedintelligence.com/2007/10/fips-validated-cryptographic-algorithms.html
)
> 					DIGESTER = System.Security.Cryptography.SHA1.Create();
> #else
> 					// use the java compatible hash algorithm:
>  					DIGESTER = System.Security.Cryptography.MD5.Create();
> #endif
> I will attach the .patch to.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message