MongoDB: Use a secure hash function in lieu of crc32

Bug #1328722 reported by Kurt Griffiths
This bug affects 1 person
Affects Status Importance Assigned to Milestone

Bug Description

Since we expect operators to only use a small number of partitions (2-4), it was thought that CRC32 would provide a reasonably even distribution. An attacker may be able to create many queues, named is such a way that they end up on the same partition.

We need to assess this threat and decide if it is worth changing to a different hash, or abandoning the idea of partitioning across DBs altogether. If we do this, we will need to provide a way for operators to migrate their existing users.

See also:

Kurt Griffiths (kgriffs)
description: updated
Kurt Griffiths (kgriffs)
description: updated
Revision history for this message
Kurt Griffiths (kgriffs) wrote :

Worst case, an attacker can force everything to the same DB. Since partitioning only provides a minor performance boost, the worst-case scenario would only slightly degrade system performance, and so isn't very useful for a DDoS.

no longer affects: marconi/juno
Kurt Griffiths (kgriffs)
Changed in marconi:
status: Triaged → Won't Fix
Thierry Carrez (ttx)
Changed in marconi:
milestone: juno-2 → none
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers