Differential D17619

Remove SHA1 file content hashing and make Files work without any hashing
ClosedPublic
Actions

Authored by epriestley on Apr 4 2017, 10:24 PM.

Details

Reviewers

chad

Maniphest Tasks

T12464: Move away from SHA1 in Files

Commits

rP440ef5b7a7e4: Remove SHA1 file content hashing and make Files work without any hashing

Summary

Ref T12464. We currently use SHA1 to detect when two files have the same content so we don't have to store two copies of the data.

Now that a SHA1 collision is known, this is theoretically dangerous. T12464 describes the shape of a possible attack.

Before replacing this with something more robust, shore things up so things work correctly if we don't hash at all. This mechanism is entirely optional; it only helps us store less data if some files are duplicates.

(This mechanism is also less important now than it once was, before we added temporary files.)

Test Plan

Uploaded multiple identical files, saw the uploads work and the files store separate copies of the same data.

Diff Detail

Repository

rP Phabricator

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

epriestley created this revision.Apr 4 2017, 10:24 PM

Harbormaster completed remote builds in B16298: Diff 42371.Apr 4 2017, 10:26 PM

chad accepted this revision.Apr 4 2017, 10:31 PM

This revision is now accepted and ready to land.Apr 4 2017, 10:31 PM

epriestley mentioned this in D17621: Allow "arc upload" to work correctly if it can not hash content.Apr 4 2017, 10:48 PM

Closed by commit rP440ef5b7a7e4: Remove SHA1 file content hashing and make Files work without any hashing (authored by epriestley, committed by epriestley). · Explain WhyApr 4 2017, 11:22 PM

This revision was automatically updated to reflect the committed changes.

epriestley mentioned this in rARCc4e84550fcd3: Allow "arc upload" to work correctly if it can not hash content.Apr 4 2017, 11:24 PM

epriestley mentioned this in T12509: Plan the path forward from HMAC-SHA1.Apr 5 2017, 8:20 PM

Revision Contents
Changeset List

Path

Size

src/

applications/

files/

conduit/

FileAllocateConduitAPIMethod.php

11 lines

FileUploadConduitAPIMethod.php

26 lines

storage/

PhabricatorFile.php

64 lines

__tests__/

PhabricatorFileTestCase.php

5 lines

Diff 42382

View Options

src/applications/files/conduit/FileAllocateConduitAPIMethod.php

View Options

src/applications/files/conduit/FileUploadConduitAPIMethod.php

View Options

src/applications/files/storage/PhabricatorFile.php

View Options

src/applications/files/storage/tests/PhabricatorFileTestCase.php

Remove SHA1 file content hashing and make Files work without any hashingClosedPublicActions

Details

Diff Detail

Event Timeline

Revision ContentsChangeset List

Diff 42382

src/applications/files/conduit/FileAllocateConduitAPIMethod.php

src/applications/files/conduit/FileUploadConduitAPIMethod.php

src/applications/files/storage/PhabricatorFile.php

src/applications/files/storage/__tests__/PhabricatorFileTestCase.php

Remove SHA1 file content hashing and make Files work without any hashing
ClosedPublic
Actions

Revision Contents
Changeset List

src/applications/files/storage/tests/PhabricatorFileTestCase.php