[
https://issues.apache.org/jira/browse/HADOOP-19869?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Steve Loughran updated HADOOP-19869:
------------------------------------
Description:
While doing other cleanup, I've noticed that the default checksum algorithm and
key length for generating secrets (block tokens, job tokens) are out of date by
modern standards. Not broken, just weak.
Change the defaults to sha256 and 256 bits.
Note that Sha 256 is becoming more vulnerable; not worrying about that as these
are ephemeral secrets
https://stateofutopia.com/papers/2/we-broke-92-percent-of-sha-256.html
was:
While doing other cleanup, I've noticed that the default checksum algorithm and
key length for generating secrets (block tokens, job tokens) are out of date by
modern standards. Not broken, just weak.
Change the defaults
> Modernize secret manager default algorithm and key length
> ---------------------------------------------------------
>
> Key: HADOOP-19869
> URL: https://issues.apache.org/jira/browse/HADOOP-19869
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 3.5.0, 3.4.3
> Reporter: Steve Loughran
> Assignee: Steve Loughran
> Priority: Minor
>
> While doing other cleanup, I've noticed that the default checksum algorithm
> and key length for generating secrets (block tokens, job tokens) are out of
> date by modern standards. Not broken, just weak.
> Change the defaults to sha256 and 256 bits.
> Note that Sha 256 is becoming more vulnerable; not worrying about that as
> these are ephemeral secrets
> https://stateofutopia.com/papers/2/we-broke-92-percent-of-sha-256.html
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
