[
https://issues.apache.org/jira/browse/SPARK-47318?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17834987#comment-17834987
]
Dongjoon Hyun commented on SPARK-47318:
---------------------------------------
I added a target version (3.4.3) based on the dev mailing list discussion.
- https://lists.apache.org/thread/htq3hwfyh6kg28d8bq2n3v60fpn7s375
> AuthEngine key exchange needs additional KDF round
> ---------------------------------------------------
>
> Key: SPARK-47318
> URL: https://issues.apache.org/jira/browse/SPARK-47318
> Project: Spark
> Issue Type: Bug
> Components: Security
> Affects Versions: 4.0.0
> Reporter: Steve Weis
> Priority: Minor
> Labels: pull-request-available
>
> AuthEngine implements a bespoke [key exchange protocol
> |[https://github.com/apache/spark/tree/master/common/network-common/src/main/java/org/apache/spark/network/crypto]|https://github.com/apache/spark/tree/master/common/network-common/src/main/java/org/apache/spark/network/crypto].]
> based on the NNpsk0 Noise pattern and using X25519.
> The Spark code improperly uses the derived shared secret directly, which is
> an encoded X coordinate. This should be passed into a KDF rather than used
> directly.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org
