...and a question (SHA1 UUIDs)

Ken Murchison murch at andrew.cmu.edu
Thu Sep 6 10:35:48 EDT 2007

David Carter wrote:
> On Fri, 7 Sep 2007, Bron Gondwana wrote:
>>> If we go with a 'uuid_mode' option, my inclination is default it to 
>>> 'none' or 'off', so standalone servers aren't wasting CPU by doing 
>>> SHA1 (or else we couple check for 'sync_host' && 'uuid_mode' before 
>>> doing SHA1).
>> I'd be inclined to make them two separate choices, because sha1 in the
>> index is still very valuable for integrity checks and potentially
>> duplicate finding (post dated "single instance store" even!)
> Agreed.
> Do we want to rename the UUID field (CHECKSUM? SHA1?) as part of the 
> work? The original name is rather accidental, and there is obvious 
> potential for confusion with UIDs.

That's a good point.  The fact that we are leveraging the SHA1 hash as 
the UUID is coincidental.  I vote for 'checksum', since the algorithm 
that we use *might* change in the future.

On another note, we can't include LGPL SHA1 code in our distro. I have 
two alternatives:

1.  Use the SHA1 implementation in OpenSSL.  This makes replication 
dependent on OpenSSL, but I've already done this with the IMAP URLAUTH 
extension, and I would assume that most sites compile with OpenSSL anyways.

2.  Use the free SHA1 reference code in RFC 3174.

Jeff (my CMU colleague) votes for using OpenSSL, and I'm inclined to agree.

Kenneth Murchison
Systems Programmer
Project Cyrus Developer/Maintainer
Carnegie Mellon University
