Deprecating SHA-1 as hashing algorithm in the attributesprocessor #5576

HuBaX · 2021-10-04T12:54:18Z

Is your feature request related to a problem? Please describe.
My organization wants to obscure the content of some attributes in spans for privacy reasons. However, the attributes that contain sensitive data should not be deleted. They want to be able to recognize a correlation between certain values and an error case despite the obscured data. At the moment it is possible to hash certain attributes by the attributesprocessor. SHA-1 is used as the hashing algorithm here even though it is officially insecure. However, to ensure privacy, my organization would like to use a secure hashing method. I also don't understand why SHA-1 is used for attribute hashing in the first place.

Describe the solution you'd like
I would like to discuss if it makes sense to offer a secure hashing method besides SHA-1 or even to replace SHA-1 completely with it. If it comes to the decision to use a more secure hashing method I would like to implement this new functionality.

This is a "repost" of a discussion I wanted to start a few weeks ago since no one seems to read the discussions.

github-actions · 2022-11-07T03:50:35Z

This issue has been inactive for 60 days. It will be closed in 60 days if there is no activity. To ping code owners by adding a component label, see Adding Labels via Comments, or if you are unsure of which component this issue relates to, please ping @open-telemetry/collector-contrib-triagers. If this issue is still relevant, please ping the code owners or leave a comment explaining why it is still relevant. Otherwise, please close it.

github-actions · 2023-03-11T17:55:57Z

Pinging code owners for processor/attributes: @boostchicken. See Adding Labels via Comments if you do not have permissions to add labels yourself.

atoulme · 2023-03-12T00:19:10Z

What hashing algo would you like?

Stop using sha-1, a deprecated hashing algorithm which triggers security reports, and use sha2-256 instead. Link to tracking Issue: Fixes #4759 and #5576

github-actions · 2023-06-01T03:34:26Z

This issue has been inactive for 60 days. It will be closed in 60 days if there is no activity. To ping code owners by adding a component label, see Adding Labels via Comments, or if you are unsure of which component this issue relates to, please ping @open-telemetry/collector-contrib-triagers. If this issue is still relevant, please ping the code owners or leave a comment explaining why it is still relevant. Otherwise, please close it.

Pinging code owners:

processor/attributes: @boostchicken

See Adding Labels via Comments if you do not have permissions to add labels yourself.

atoulme · 2023-06-01T04:43:55Z

SHA-2 is now on by default. We can close.

github-actions bot added the Stale label Nov 7, 2022

atoulme added processor/attributes Attributes processor bug Something isn't working labels Mar 11, 2023

atoulme mentioned this issue Mar 18, 2023

replace sha1 with sha2-256 #19779

Merged

codeboten pushed a commit that referenced this issue Mar 24, 2023

replace sha1 with sha2-256 (#19779)

024a11c

Stop using sha-1, a deprecated hashing algorithm which triggers security reports, and use sha2-256 instead. Link to tracking Issue: Fixes #4759 and #5576

github-actions bot removed the Stale label Apr 1, 2023

github-actions bot added the Stale label Jun 1, 2023

atoulme closed this as completed Jun 1, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Deprecating SHA-1 as hashing algorithm in the attributesprocessor #5576

Deprecating SHA-1 as hashing algorithm in the attributesprocessor #5576

HuBaX commented Oct 4, 2021

github-actions bot commented Nov 7, 2022

Uh oh!

github-actions bot commented Mar 11, 2023

Uh oh!

atoulme commented Mar 12, 2023

Uh oh!

github-actions bot commented Jun 1, 2023

Uh oh!

atoulme commented Jun 1, 2023

Uh oh!