Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[DEPR]: Remove md4 caching and related ENABLE_BLAKE2B_HASHING feature flag #36024

Open
pdpinch opened this issue Dec 12, 2024 · 5 comments
Open
Assignees
Labels
depr Proposal for deprecation & removal per OEP-21

Comments

@pdpinch
Copy link
Contributor

pdpinch commented Dec 12, 2024

Proposal Date

2025-02-10

Target Ticket Acceptance Date

2025-01-10

Earliest Open edX Named Release Without This Functionality

Teak - 2025-04

Rationale

md4 hashing is discouraged and not secure. Although security is not a concern in this usage, supporting libraries and systems are removing support as well.

The setting ENABLE_BLAKE2B_HASHING was added to allow operators to control the timing of this change but once everyone has changed, it is no longer necessary.

Removal

The code introduced in #34442 needs to be removed

Replacement

md4 hashing is replaced by blake2b, a widely supported algorithm.

Deprecation

No response

Migration

No migration is necessary. The cache will re-fill without intervention. The setting was introduced solely to allow operators to control the timing of the cache re-fill, against the possibility that it could degrade performance.

Additional Info

No response

Task List

No response

Links

@pdpinch
Copy link
Contributor Author

pdpinch commented Dec 19, 2024

@feanil are you working on a PR for this? @Anas12091101 from our team could get started on one if you haven't.

Presumably we have to wait for 2U's analysis in edx/edx-arch-experiments#872 before merging.

@feanil
Copy link
Contributor

feanil commented Dec 19, 2024

@pdpinch I'd love it if @Anas12091101 can pick it up, happy to review!

@Anas12091101
Copy link
Contributor

Working on it. I'll create a PR soon

@Anas12091101
Copy link
Contributor

@pdpinch @feanil PR ready for review: #36054

@timmc-edx
Copy link
Contributor

edx.org has been switched over to blake2b, so 2U is ready for this DEPR to proceed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
depr Proposal for deprecation & removal per OEP-21
Projects
Status: Communicated
Development

No branches or pull requests

4 participants