MongoDB: Use a secure hash function in lieu of crc32

Bug #1328722 reported by Kurt Griffiths
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
zaqar
Medium
Unassigned

Bug Description

Since we expect operators to only use a small number of partitions (2-4), it was thought that CRC32 would provide a reasonably even distribution. An attacker may be able to create many queues, named is such a way that they end up on the same partition.

We need to assess this threat and decide if it is worth changing to a different hash, or abandoning the idea of partitioning across DBs altogether. If we do this, we will need to provide a way for operators to migrate their existing users.

See also: https://github.com/openstack/marconi/blob/master/marconi/queues/storage/mongodb/utils.py#L240

Kurt Griffiths (kgriffs)
description: updated
Kurt Griffiths (kgriffs)
description: updated
Revision history for this message
Kurt Griffiths (kgriffs) wrote :

Worst case, an attacker can force everything to the same DB. Since partitioning only provides a minor performance boost, the worst-case scenario would only slightly degrade system performance, and so isn't very useful for a DDoS.

no longer affects: marconi/juno
Kurt Griffiths (kgriffs)
Changed in marconi:
status: Triaged → Won't Fix
Thierry Carrez (ttx)
Changed in marconi:
milestone: juno-2 → none
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers