rapid7/metasploit-credential

post/multi/gather/ssh_creds allows to trigger a ActiveRecord::StatementInvalid PG::ProgramLimitExceeded: ERROR

jvazquez-r7 opened this issue · 7 comments

jvazquez-r7 commented

@usertaken found a metasploit-credential related error when working with post/multi/gather/ssh_creds. ( rapid7/metasploit-framework#4886 )

Basically, trying to import a 8192bits (or longer) RSA key triggers the next error:

[-] Post failed: ActiveRecord::StatementInvalid PG::ProgramLimitExceeded: ERROR:  index row size 6408 exceeds maximum 2712 for index "index_metasploit_credential_privates_on_type_and_data"
HINT:  Values larger than 1/3 of a buffer page cannot be indexed.
Consider a function index of an MD5 hash of the value, or use full text indexing.
: INSERT INTO "metasploit_credential_privates" ("created_at", "data", "type", "updated_at") VALUES ($1, $2, $3, $4) RETURNING "id"
[-] Call stack:
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/connection_adapters/postgresql_adapter.rb:810:in `get_last_result'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/connection_adapters/postgresql_adapter.rb:810:in `exec_cache'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/connection_adapters/postgresql/database_statements.rb:139:in `block in exec_query'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/connection_adapters/abstract_adapter.rb:442:in `block in log'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activesupport-4.0.13/lib/active_support/notifications/instrumenter.rb:20:in `instrument'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/connection_adapters/abstract_adapter.rb:437:in `log'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/connection_adapters/postgresql/database_statements.rb:137:in `exec_query'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/connection_adapters/postgresql/database_statements.rb:181:in `exec_insert'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/connection_adapters/abstract/database_statements.rb:97:in `insert'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/connection_adapters/abstract/query_cache.rb:14:in `insert'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/relation.rb:76:in `insert'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/persistence.rb:513:in `_create_record'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/attribute_methods/dirty.rb:78:in `_create_record'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/callbacks.rb:306:in `block in _create_record'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activesupport-4.0.13/lib/active_support/callbacks.rb:373:in `_run__3811821103018841406__create__callbacks'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activesupport-4.0.13/lib/active_support/callbacks.rb:80:in `run_callbacks'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/callbacks.rb:306:in `_create_record'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/timestamp.rb:57:in `_create_record'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/persistence.rb:481:in `create_or_update'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/callbacks.rb:302:in `block in create_or_update'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activesupport-4.0.13/lib/active_support/callbacks.rb:383:in `_run__3811821103018841406__save__callbacks'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activesupport-4.0.13/lib/active_support/callbacks.rb:80:in `run_callbacks'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/callbacks.rb:302:in `create_or_update'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/persistence.rb:103:in `save'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/validations.rb:51:in `save'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/attribute_methods/dirty.rb:32:in `save'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/transactions.rb:270:in `block (2 levels) in save'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/transactions.rb:330:in `block in with_transaction_returning_status'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/connection_adapters/abstract/database_statements.rb:203:in `block in transaction'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/connection_adapters/abstract/database_statements.rb:211:in `within_new_transaction'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/connection_adapters/abstract/database_statements.rb:203:in `transaction'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/transactions.rb:209:in `transaction'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/transactions.rb:327:in `with_transaction_returning_status'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/transactions.rb:270:in `block in save'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/transactions.rb:285:in `rollback_active_record_state!'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/transactions.rb:269:in `save'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/persistence.rb:34:in `create'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/relation.rb:121:in `block in create'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/relation.rb:270:in `scoping'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/relation.rb:121:in `create'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/relation.rb:133:in `first_or_create'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/metasploit-credential-1.0.0/lib/metasploit/credential/creation.rb:391:in `block in create_credential_private'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/metasploit-credential-1.0.0/lib/metasploit/credential/creation.rb:532:in `retry_transaction'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/metasploit-credential-1.0.0/lib/metasploit/credential/creation.rb:383:in `create_credential_private'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/metasploit-credential-1.0.0/lib/metasploit/credential/creation.rb:130:in `create_credential'
[-]   /Users/jvazquez/Projects/Code/metasploit-framework/lib/msf/core/auxiliary/report.rb:34:in `create_credential'
[-]   /Users/jvazquez/Projects/Code/metasploit-framework/modules/post/multi/gather/ssh_creds.rb:81:in `block (2 levels) in download_loot'
[-]   /Users/jvazquez/Projects/Code/metasploit-framework/modules/post/multi/gather/ssh_creds.rb:59:in `each'
[-]   /Users/jvazquez/Projects/Code/metasploit-framework/modules/post/multi/gather/ssh_creds.rb:59:in `block in download_loot'
[-]   /Users/jvazquez/Projects/Code/metasploit-framework/modules/post/multi/gather/ssh_creds.rb:46:in `each'
[-]   /Users/jvazquez/Projects/Code/metasploit-framework/modules/post/multi/gather/ssh_creds.rb:46:in `download_loot'
[-]   /Users/jvazquez/Projects/Code/metasploit-framework/modules/post/multi/gather/ssh_creds.rb:41:in `run'
[*] Post module execution completed
msf post(ssh_creds) >

Steps to Reproduce

In order to reproduce:

  • Set up a linux target machine. I've used Ubuntu server 12.04
  • Generate a ssh 8192 bits rsa key. No passphrase. Save it in the default location ~/.ssh
juan@ubuntu:~$ ssh-keygen -b 8192 -t rsa
Generating public/private rsa key pair.

Enter file in which to save the key (/home/juan/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/juan/.ssh/id_rsa.
Your public key has been saved in /home/juan/.ssh/id_rsa.pub.
The key fingerprint is:
59:53:9d:19:be:51:ef:d2:2c:80:d7:46:69:da:db:60 juan@ubuntu
The key's randomart image is:
+--[ RSA 8192]----+
|            ..o=.|
|           o +*..|
|          + o+= .|
|         o o.oE* |
|        S    .+++|
|              .o.|
|                 |
|                 |
|                 |
+-----------------+
  • Get a linux shell session on the target. Just execute an elf with the shell payload. The user should have access to the ~/.ssh/id_rsa generated in the step above, of course :)
msf post(ssh_creds) > use exploit/multi/handler
msf exploit(handler) > run

[*] Started reverse handler on 172.16.158.1:4444
[*] Starting the payload handler...
[*] Sending stage (36 bytes) to 172.16.158.136
[*] Command shell session 3 opened (172.16.158.1:4444 -> 172.16.158.136:34002) at 2015-06-29 13:24:17 -0500

^Z
Background session 3? [y/N]  y
  • use post/multi/gather/ssh_creds on the new session to reproduce the crash.
msf post(ssh_creds) > set session 3
session => 3
msf post(ssh_creds) > workspace
  default
  report_auth_info_test
  glassfish
* ssh_creds
msf post(ssh_creds) > run

[*] Finding .ssh directories
[*] Looting 1 directories
[+] Downloaded /home/juan/.ssh/id_rsa -> /Users/jvazquez/.msf4/loot/20150629132444_ssh_creds_172.16.158.136_ssh.id_rsa_436134.txt
HINT:  Values larger than 1/3 of a buffer page cannot be indexed.
Consider a function index of an MD5 hash of the value, or use full text indexing.
: INSERT INTO "metasploit_credential_privates" ("created_at", "data", "type", "updated_at") VALUES ($1, $2, $3, $4) RETURNING "id"
[-] Call stack:
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/connection_adapters/postgresql_adapter.rb:810:in `get_last_result'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/connection_adapters/postgresql_adapter.rb:810:in `exec_cache'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/connection_adapters/postgresql/database_statements.rb:139:in `block in exec_query'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/connection_adapters/abstract_adapter.rb:442:in `block in log'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activesupport-4.0.13/lib/active_support/notifications/instrumenter.rb:20:in `instrument'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/connection_adapters/abstract_adapter.rb:437:in `log'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/connection_adapters/postgresql/database_statements.rb:137:in `exec_query'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/connection_adapters/postgresql/database_statements.rb:181:in `exec_insert'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/connection_adapters/abstract/database_statements.rb:97:in `insert'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/connection_adapters/abstract/query_cache.rb:14:in `insert'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/relation.rb:76:in `insert'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/persistence.rb:513:in `_create_record'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/attribute_methods/dirty.rb:78:in `_create_record'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/callbacks.rb:306:in `block in _create_record'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activesupport-4.0.13/lib/active_support/callbacks.rb:373:in `_run__3811821103018841406__create__callbacks'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activesupport-4.0.13/lib/active_support/callbacks.rb:80:in `run_callbacks'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/callbacks.rb:306:in `_create_record'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/timestamp.rb:57:in `_create_record'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/persistence.rb:481:in `create_or_update'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/callbacks.rb:302:in `block in create_or_update'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activesupport-4.0.13/lib/active_support/callbacks.rb:383:in `_run__3811821103018841406__save__callbacks'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activesupport-4.0.13/lib/active_support/callbacks.rb:80:in `run_callbacks'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/callbacks.rb:302:in `create_or_update'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/persistence.rb:103:in `save'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/validations.rb:51:in `save'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/attribute_methods/dirty.rb:32:in `save'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/transactions.rb:270:in `block (2 levels) in save'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/transactions.rb:330:in `block in with_transaction_returning_status'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/connection_adapters/abstract/database_statements.rb:203:in `block in transaction'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/connection_adapters/abstract/database_statements.rb:211:in `within_new_transaction'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/connection_adapters/abstract/database_statements.rb:203:in `transaction'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/transactions.rb:209:in `transaction'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/transactions.rb:327:in `with_transaction_returning_status'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/transactions.rb:270:in `block in save'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/transactions.rb:285:in `rollback_active_record_state!'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/transactions.rb:269:in `save'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/persistence.rb:34:in `create'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/relation.rb:121:in `block in create'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/relation.rb:270:in `scoping'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/relation.rb:121:in `create'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/activerecord-4.0.13/lib/active_record/relation.rb:133:in `first_or_create'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/metasploit-credential-1.0.0/lib/metasploit/credential/creation.rb:391:in `block in create_credential_private'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/metasploit-credential-1.0.0/lib/metasploit/credential/creation.rb:532:in `retry_transaction'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/metasploit-credential-1.0.0/lib/metasploit/credential/creation.rb:383:in `create_credential_private'
[-]   /Users/jvazquez/.rvm/gems/ruby-2.1.6@metasploit-framework/gems/metasploit-credential-1.0.0/lib/metasploit/credential/creation.rb:130:in `create_credential'
[-]   /Users/jvazquez/Projects/Code/metasploit-framework/lib/msf/core/auxiliary/report.rb:34:in `create_credential'
[-]   /Users/jvazquez/Projects/Code/metasploit-framework/modules/post/multi/gather/ssh_creds.rb:81:in `block (2 levels) in download_loot'
[-]   /Users/jvazquez/Projects/Code/metasploit-framework/modules/post/multi/gather/ssh_creds.rb:59:in `each'
[-]   /Users/jvazquez/Projects/Code/metasploit-framework/modules/post/multi/gather/ssh_creds.rb:59:in `block in download_loot'
[-]   /Users/jvazquez/Projects/Code/metasploit-framework/modules/post/multi/gather/ssh_creds.rb:46:in `each'
[-]   /Users/jvazquez/Projects/Code/metasploit-framework/modules/post/multi/gather/ssh_creds.rb:46:in `download_loot'
[-]   /Users/jvazquez/Projects/Code/metasploit-framework/modules/post/multi/gather/ssh_creds.rb:41:in `run'
[*] Post module execution completed
msf post(ssh_creds) > [*] 172.16.158.136 - Command shell session 3 closed.  Reason: Died from EOFError

Since @dmaloney-r7 added the reporting to the module ( rapid7/metasploit-framework@90c63ef ) I bet the reporting of rsa keys as privates is intended and should be supported.

Apparently the problem is due to the index on the metasploit_credential_privates table ( https://github.com/rapid7/metasploit-credential/blob/master/db/migrate/20140407212345_create_metasploit_credential_privates.rb#L23 ) I bet the index is needed for searching or whatever. Since I forget the design decisions behind the metasploit-credential database, and definitely I don't master postgresql, I decided to create the issue here. I'd be happy to help with fixing after discussion :) Thanks!

trosen-r7 commented

Yeah looks like we're busting the index limit here. I like the system's suggested fix: using a function index w/ MD5. @limhoff-r7 how do you feel about that?

limhoff-r7 commented

index_metasploit_credential_privates_on_type_and_data is a unique index, so we want to prevent collisions if possible. Can we use a different hashing function like sha1 instead of md5?

trosen-r7 commented

I'm not worried about collisions at this level. In any case, Postgre just seems to provide "HASH" as an index method as far as I can tell, without giving you options on what hashing function is actually used. Still investigating that though.

trosen-r7 commented

Tracked internally as MSP-12860

jlee-r7 commented

MD5 is still very good at not colliding in the absence of very specifically crafted data in some specific circumstances. Since this is not security sensitive, I don't see a reason to avoid it.

trosen-r7 commented

HASH type is moot here -- can't do it for uniques or for multi-column indices. We will need to solve this by adding a checksum column and creating a btree index that uses checksum of the data column plus the type column. Should have a fix in for this soon.

wvu commented

Fixed in #124.