Application Initiated Hash Upgrading - Dell DX6000 Application Manual

that the stored content has always been as it is now, and that it has always been associated with the
same UUID.
Note
Range headers are not compatible with integrity seals. If the seal is incorrect, the
connection might be closed prematurely. For more information about integrity seals, see
Section 20.1, "Integrity

20.3. Application Initiated Hash Upgrading

From time to time, cryptographers and mathematicians may defeat a cryptographic algorithm,
making it possible for hackers to generate different content that has exactly the same hash value
as some other, previously stored content. This has already happened with the md5 and sha1
algorithms, but not sha256, sha384 or sha512. Unlike other Fixed Content Storage solutions, DX
Storage allows a user or application to upgrade a hash algorithm for an existing individual integrity
seal. This is done by issuing a READ request with the name or UUID, the current hashtype and
hash, and then specifying a different, presumably stronger, hashtype in the newhashtype query
parameter. Of course this should be done before any exploit of the old algorithm becomes well
known and available. For example:
GET http://129.69.251.143/41A140B5271DC8D22FF8D027176A0821?hashtype=md5&
This READ request will first validate the given integrity seal, then reseal it by wrapping the content in
the new, upgraded hash algorithm – sha256 in the example. If the requested object fails to validate
against its integrity seal, DX Storage will send a 200 OK response but then drop the connection prior
to sending the object content. On the other hand, if the object validates properly, a new integrity seal
will be returned with the new hashtype and hash value.
Copyright © 2010 Caringo, Inc.
All rights reserved
Seals".
hash=7A25E6067904EAC8002498CF1AE33023&newhashtype=sha256 HTTP/1.1
72
Version 5.0
December 2010