Provide Thread Safe, Fast Hashing Method

[pickypg]

With things like GDPR on the horizon, the desire to hash certain data fields at the Elasticsearch level seems like a very attractive feature to natively support. It would be ideal if whatever did was available to Ingest and hopefully Painless.

Just exposing an instance of MessageDigest is likely to be very inefficient since it is not thread safe. Most systems expect SHA-256 these days rather than MD5 or SHA-1.

Workaround

It's possible to whitelist the MessageDigest class in Painless via a whitelist plugin. Alternatively, you could write a separate plugin and whitelist that code, or implement a custom Ingest processor plugin.

[elasticmachine]

Pinging @elastic/es-core-infra

[rjernst]

I don't think this should be available by default in eg search scripts (filter or scoring). @talevy has mentioned before the desire to add additional whitelisted methods/classes to ingest. This should go in there.

[pickypg]

I don't think this should be available by default in eg search scripts (filter or scoring).

I completely agree.

[jasontedor]

We have org.elasticsearch.common.hash.MessageDigests which provides thread local MessageDigest instances. I benchmarked this a long time ago (for uses in the security codebase) and doing it in this way was the winning play.

[martijnvg]

Closing in favour of #34085