Discussion:
FIPS compliance?
Torsten Rendelmann
2009-03-07 17:59:38 UTC
Permalink
Hi,



I just got back user complaints about this:

System.TypeInitializationException: The type initializer for
'Lucene.Net.Store.FSDirectory' threw an exception. --->
System.SystemException: System.Reflection.TargetInvocationException:
Exception has been thrown by the target of an invocation. --->
System.InvalidOperationException: This implementation is not part of the
Windows Platform FIPS validated cryptographic algorithms.
at System.Security.Cryptography.MD5CryptoServiceProvider..ctor()
--- End of inner exception stack trace ---



We use an older version (2.0.x) of lucense.net in our public release,
but as I see in FSDirectory type initializer there is still the
MD5-non-FIPS compliant hash provider in use.

What is the best way to get a FIPS compliant lucene.net assembly? I can
change the code manually here, but then I have to apply that every time
we adopt a newer version L



Useful link:
http://blog.aggregatedintelligence.com/2007/10/fips-validated-cryptograp
hic-algorithms.html



Any hints?



Torsten







Torsten Rendelmann






Bergstr. 26
88138 Weissensberg
Germany

near Lindau (Lake of Constance)


<mailto:***@gmx.net> ***@gmx.net
<http://www.rendelmann.info/blog/> http://www.rendelmann.info/blog/


tel:


<http://www.plaxo.com/click_to_call?src=jj_signature&To=%2B49+8389+98449
0&Email=***@rssbandit.org> +49 8389 984490





<https://www.plaxo.com/add_me?u=30065227899&v0=910826&k0=614476248&v1=91
0827&k1=620516059> Add me to your address book...

<http://www.plaxo.com/signature> Want a signature like this?
DIGY
2009-03-07 19:27:15 UTC
Permalink
Lucene.Java also uses MD5 and Lucene.Net is supposed to be compatible with
it at API and index level. Therefore, unless java version changes the hash
algorithm, I don't think that a code change can be done in Lucene.Net.



DIGY



From: Torsten Rendelmann [mailto:***@gmx.net]
Sent: Saturday, March 07, 2009 8:00 PM
To: lucene-net-***@incubator.apache.org
Cc: lucene-net-***@incubator.apache.org
Subject: FIPS compliance?
Importance: High



Hi,



I just got back user complaints about this:

System.TypeInitializationException: The type initializer for
'Lucene.Net.Store.FSDirectory' threw an exception. --->
System.SystemException: System.Reflection.TargetInvocationException:
Exception has been thrown by the target of an invocation. --->
System.InvalidOperationException: This implementation is not part of the
Windows Platform FIPS validated cryptographic algorithms.
at System.Security.Cryptography.MD5CryptoServiceProvider..ctor()
--- End of inner exception stack trace ---



We use an older version (2.0.x) of lucense.net in our public release, but as
I see in FSDirectory type initializer there is still the MD5-non-FIPS
compliant hash provider in use.

What is the best way to get a FIPS compliant lucene.net assembly? I can
change the code manually here, but then I have to apply that every time we
adopt a newer version L



Useful link:
http://blog.aggregatedintelligence.com/2007/10/fips-validated-cryptographic-
algorithms.html



Any hints?



Torsten







Torsten Rendelmann






Bergstr. 26
88138 Weissensberg
Germany

near Lindau (Lake of Constance)


<mailto:***@gmx.net> ***@gmx.net
<http://www.rendelmann.info/blog/> http://www.rendelmann.info/blog/


tel:


<http://www.plaxo.com/click_to_call?src=jj_signature&To=%2B49+8389+984490&Em
ail=***@rssbandit.org> +49 8389 984490





<https://www.plaxo.com/add_me?u=30065227899&v0=910826&k0=614476248&v1=910827
&k1=620516059> Add me to your address book...

<http://www.plaxo.com/signature> Want a signature like this?
Dmitri Moore
2009-03-07 19:59:09 UTC
Permalink
Hi guys,

Is there any good documentation (tutorials, starting guide etc.) out
there on the Lucene.NET? We are interested in the latest 2.1.x version
in particular as we need to bring a couple of developers up-to-speed
ASAP for a new project. May be we can simply follow the Java version
documentation? Not sure.



Your recommendations will be very much appreciated,

Thank you,

Dmitri.



P.S. BTW, the Wiki link on
http://incubator.apache.org/projects/lucene.net.html has been broken for
a while now.
Glyn Darkin
2009-03-07 21:32:41 UTC
Permalink
I have just finished reading Lucene in Action;

http://www.manning.com/hatcher2/

Which was a great book, and has definitely put me on the right track.
And there is also now the revised version which is available as an
e-book.

http://www.manning.com/hatcher3/

Hope this helps.

G
Post by Dmitri Moore
Hi guys,
Is there any good documentation (tutorials, starting guide etc.) out
there on the Lucene.NET? We are interested in the latest 2.1.x version
in particular as we need to bring a couple of developers up-to-speed
ASAP for a new project. May be we can simply follow the Java version
documentation? Not sure.
Your recommendations will be very much appreciated,
Thank you,
Dmitri.
P.S. BTW, the Wiki link on
http://incubator.apache.org/projects/lucene.net.html has been broken for
a while now.
--
Glyn Darkin

Darkin Systems Ltd
Mob: 07961815649
Fax: 08717145065
Web: www.darkinsystems.com

Company No: 6173001
VAT No: 906350835
Dmitri Moore
2009-03-07 23:39:58 UTC
Permalink
Thanks, Glyn. Appreciate your input.

-----Original Message-----
From: Glyn Darkin [mailto:***@darkinsystems.com]
Sent: Saturday, March 07, 2009 1:33 PM
To: lucene-net-***@incubator.apache.org
Subject: Re: Lucene.Net Documentation

I have just finished reading Lucene in Action;

http://www.manning.com/hatcher2/

Which was a great book, and has definitely put me on the right track.
And there is also now the revised version which is available as an
e-book.

http://www.manning.com/hatcher3/

Hope this helps.

G
Post by Dmitri Moore
Hi guys,
Is there any good documentation (tutorials, starting guide etc.) out
there on the Lucene.NET? We are interested in the latest 2.1.x version
in particular as we need to bring a couple of developers up-to-speed
ASAP for a new project. May be we can simply follow the Java version
documentation? Not sure.
Your recommendations will be very much appreciated,
Thank you,
Dmitri.
P.S. BTW, the Wiki link on
http://incubator.apache.org/projects/lucene.net.html has been broken for
a while now.
--
Glyn Darkin

Darkin Systems Ltd
Mob: 07961815649
Fax: 08717145065
Web: www.darkinsystems.com

Company No: 6173001
VAT No: 906350835
Torsten Rendelmann
2009-03-07 20:35:59 UTC
Permalink
As far as I can see in lucene code the FSDirectory is the only place it
exist. I think, changing to use a FIPS compliant algorithm to calc the
lock file name is "safe" (mean: java-compat.) - the only case where I
can see the may have to use the same algorithm is if a java-lucene impl.
access the index with a writer at the same time as lucene.net - that
would be rarely the case: writing to the same index is only allowed by
one writer



But if you don't like it to change, maybe I can provide a patch with a
"#if FIPS_COMPLIANT" switch construct that is off by default (to be java
compatible if you like) ?



Torsten



From: DIGY [mailto:***@apache.org]
Sent: Saturday, March 07, 2009 8:27 PM
To: lucene-net-***@incubator.apache.org
Subject: RE: FIPS compliance?



Lucene.Java also uses MD5 and Lucene.Net is supposed to be compatible
with it at API and index level. Therefore, unless java version changes
the hash algorithm, I don't think that a code change can be done in
Lucene.Net.



DIGY



From: Torsten Rendelmann [mailto:***@gmx.net]
Sent: Saturday, March 07, 2009 8:00 PM
To: lucene-net-***@incubator.apache.org
Cc: lucene-net-***@incubator.apache.org
Subject: FIPS compliance?
Importance: High



Hi,



I just got back user complaints about this:

System.TypeInitializationException: The type initializer for
'Lucene.Net.Store.FSDirectory' threw an exception. --->
System.SystemException: System.Reflection.TargetInvocationException:
Exception has been thrown by the target of an invocation. --->
System.InvalidOperationException: This implementation is not part of the
Windows Platform FIPS validated cryptographic algorithms.
at System.Security.Cryptography.MD5CryptoServiceProvider..ctor()
--- End of inner exception stack trace ---



We use an older version (2.0.x) of lucense.net in our public release,
but as I see in FSDirectory type initializer there is still the
MD5-non-FIPS compliant hash provider in use.

What is the best way to get a FIPS compliant lucene.net assembly? I can
change the code manually here, but then I have to apply that every time
we adopt a newer version L



Useful link:
http://blog.aggregatedintelligence.com/2007/10/fips-validated-cryptograp
hic-algorithms.html



Any hints?



Torsten







Torsten Rendelmann






Bergstr. 26
88138 Weissensberg
Germany

near Lindau (Lake of Constance)


<mailto:***@gmx.net> ***@gmx.net
<http://www.rendelmann.info/blog/> http://www.rendelmann.info/blog/


tel:


<http://www.plaxo.com/click_to_call?src=jj_signature&To=%2B49+8389+98449
0&Email=***@rssbandit.org> +49 8389 984490





<https://www.plaxo.com/add_me?u=30065227899&v0=910826&k0=614476248&v1=91
0827&k1=620516059> Add me to your address book...

<http://www.plaxo.com/signature> Want a signature like this?





__________ Information from ESET NOD32 Antivirus, version of virus
signature database 3917 (20090307) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com
DIGY
2009-03-07 21:52:31 UTC
Permalink
Yes, "#if FIPS_COMPLIANT" seems to be a good solution but its java
incompatibility should be commented somewhere.

Can you open a JIRA issue for that?



DIGY







From: Torsten Rendelmann [mailto:***@gmx.net]
Sent: Saturday, March 07, 2009 10:36 PM
To: lucene-net-***@incubator.apache.org
Subject: RE: FIPS compliance?



As far as I can see in lucene code the FSDirectory is the only place it
exist. I think, changing to use a FIPS compliant algorithm to calc the lock
file name is "safe" (mean: java-compat.) - the only case where I can see the
may have to use the same algorithm is if a java-lucene impl. access the
index with a writer at the same time as lucene.net - that would be rarely
the case: writing to the same index is only allowed by one writer



But if you don't like it to change, maybe I can provide a patch with a "#if
FIPS_COMPLIANT" switch construct that is off by default (to be java
compatible if you like) ?



Torsten



From: DIGY [mailto:***@apache.org]
Sent: Saturday, March 07, 2009 8:27 PM
To: lucene-net-***@incubator.apache.org
Subject: RE: FIPS compliance?



Lucene.Java also uses MD5 and Lucene.Net is supposed to be compatible with
it at API and index level. Therefore, unless java version changes the hash
algorithm, I don't think that a code change can be done in Lucene.Net.



DIGY



From: Torsten Rendelmann [mailto:***@gmx.net]
Sent: Saturday, March 07, 2009 8:00 PM
To: lucene-net-***@incubator.apache.org
Cc: lucene-net-***@incubator.apache.org
Subject: FIPS compliance?
Importance: High



Hi,



I just got back user complaints about this:

System.TypeInitializationException: The type initializer for
'Lucene.Net.Store.FSDirectory' threw an exception. --->
System.SystemException: System.Reflection.TargetInvocationException:
Exception has been thrown by the target of an invocation. --->
System.InvalidOperationException: This implementation is not part of the
Windows Platform FIPS validated cryptographic algorithms.
at System.Security.Cryptography.MD5CryptoServiceProvider..ctor()
--- End of inner exception stack trace ---



We use an older version (2.0.x) of lucense.net in our public release, but as
I see in FSDirectory type initializer there is still the MD5-non-FIPS
compliant hash provider in use.

What is the best way to get a FIPS compliant lucene.net assembly? I can
change the code manually here, but then I have to apply that every time we
adopt a newer version L



Useful link:
http://blog.aggregatedintelligence.com/2007/10/fips-validated-cryptographic-
algorithms.html



Any hints?



Torsten







Torsten Rendelmann






Bergstr. 26
88138 Weissensberg
Germany

near Lindau (Lake of Constance)


<mailto:***@gmx.net> ***@gmx.net
<http://www.rendelmann.info/blog/> http://www.rendelmann.info/blog/


tel:


<http://www.plaxo.com/click_to_call?src=jj_signature&To=%2B49+8389+984490&Em
ail=***@rssbandit.org> +49 8389 984490





<https://www.plaxo.com/add_me?u=30065227899&v0=910826&k0=614476248&v1=910827
&k1=620516059> Add me to your address book...

<http://www.plaxo.com/signature> Want a signature like this?





__________ Information from ESET NOD32 Antivirus, version of virus signature
database 3917 (20090307) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com
Torsten Rendelmann
2009-03-08 10:40:22 UTC
Permalink
OK, I did:
https://issues.apache.org/jira/secure/ManageAttachments.jspa?id=12416387
Post by Dmitri Moore
-----Original Message-----
Sent: Saturday, March 07, 2009 10:53 PM
Subject: RE: FIPS compliance?
Yes, "#if FIPS_COMPLIANT" seems to be a good solution but its java
incompatibility should be commented somewhere.
Can you open a JIRA issue for that?
DIGY
Sent: Saturday, March 07, 2009 10:36 PM
Subject: RE: FIPS compliance?
As far as I can see in lucene code the FSDirectory is the only
place it
exist. I think, changing to use a FIPS compliant algorithm to calc the lock
file name is "safe" (mean: java-compat.) - the only case where I can see the
may have to use the same algorithm is if a java-lucene impl. access the
index with a writer at the same time as lucene.net - that would be rarely
the case: writing to the same index is only allowed by one writer
But if you don't like it to change, maybe I can provide a patch with a "#if
FIPS_COMPLIANT" switch construct that is off by default (to be java
compatible if you like) ?
Torsten
Sent: Saturday, March 07, 2009 8:27 PM
Subject: RE: FIPS compliance?
Lucene.Java also uses MD5 and Lucene.Net is supposed to be
compatible with
it at API and index level. Therefore, unless java version changes the hash
algorithm, I don't think that a code change can be done in
Lucene.Net.
DIGY
Sent: Saturday, March 07, 2009 8:00 PM
Subject: FIPS compliance?
Importance: High
Hi,
System.TypeInitializationException: The type initializer for
'Lucene.Net.Store.FSDirectory' threw an exception. --->
Exception has been thrown by the target of an invocation. --->
System.InvalidOperationException: This implementation is not part of the
Windows Platform FIPS validated cryptographic algorithms.
at System.Security.Cryptography.MD5CryptoServiceProvider..ctor()
--- End of inner exception stack trace ---
We use an older version (2.0.x) of lucense.net in our public
release, but as
I see in FSDirectory type initializer there is still the MD5-non-
FIPS
compliant hash provider in use.
What is the best way to get a FIPS compliant lucene.net assembly? I can
change the code manually here, but then I have to apply that every time we
adopt a newer version L
http://blog.aggregatedintelligence.com/2007/10/fips-validated-
cryptographic-
algorithms.html
Any hints?
Torsten
Torsten Rendelmann
Bergstr. 26
88138 Weissensberg
Germany
near Lindau (Lake of Constance)
<http://www.rendelmann.info/blog/>
http://www.rendelmann.info/blog/
<http://www.plaxo.com/click_to_call?src=jj_signature&To=%2B49+8389+
984490&Em
<https://www.plaxo.com/add_me?u=30065227899&v0=910826&k0=614476248&
v1=910827
&k1=620516059> Add me to your address book...
<http://www.plaxo.com/signature> Want a signature like this?
__________ Information from ESET NOD32 Antivirus, version of virus signature
database 3917 (20090307) __________
The message was checked by ESET NOD32 Antivirus.
http://www.eset.com
__________ Information from ESET NOD32 Antivirus, version of virus
signature database 3917 (20090307) __________
The message was checked by ESET NOD32 Antivirus.
http://www.eset.com
Continue reading on narkive:
Loading...