[
https://issues.apache.org/jira/browse/HADOOP-19869?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
ASF GitHub Bot updated HADOOP-19869:
------------------------------------
Labels: pull-request-available (was: )
> Modernize secret manager default algorithm and key length
> ---------------------------------------------------------
>
> Key: HADOOP-19869
> URL: https://issues.apache.org/jira/browse/HADOOP-19869
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 3.5.0, 3.4.3
> Reporter: Steve Loughran
> Assignee: Steve Loughran
> Priority: Minor
> Labels: pull-request-available
>
> While doing other cleanup, I've noticed that the default checksum algorithm
> and key length for generating secrets (block tokens, job tokens) are out of
> date by modern standards. Not broken, just weak.
> Change the defaults to SHA-256 and 256 bits.
> Note that SHA-256 is becoming more vulnerable; not worrying about that as
> these are ephemeral secrets.
> [https://stateofutopia.com/papers/2/we-broke-92-percent-of-sha-256.html]
> This is the same as setting
> {{hadoop.security.secret-manager.key-length 256}}
> {{hadoop.security.secret-manager.key-generator.algorithm HmacSHA256}}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
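
The two settings named in the issue, exercised directly against the standard Java JCA classes as an added example (not code from the issue or from Hadoop). It assumes the secret manager hands the configured algorithm and key length to `KeyGenerator` and `Mac`; the class name, method names and token identifier strings are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;

public class SecretManagerDefaultsDemo {
  // Values from the issue text:
  //   hadoop.security.secret-manager.key-generator.algorithm = HmacSHA256
  //   hadoop.security.secret-manager.key-length              = 256
  static final String ALGORITHM = "HmacSHA256";
  static final int KEY_LENGTH_BITS = 256;

  /** Generate a random master key of the configured length. */
  static SecretKey generateSecret() throws Exception {
    KeyGenerator keyGen = KeyGenerator.getInstance(ALGORITHM);
    keyGen.init(KEY_LENGTH_BITS);
    return keyGen.generateKey();
  }

  /** A token "password" here is the MAC of the serialized token identifier. */
  static byte[] createPassword(byte[] identifier, SecretKey key) throws Exception {
    Mac mac = Mac.getInstance(ALGORITHM);
    mac.init(key);
    return mac.doFinal(identifier);
  }

  /** Recompute the MAC and compare in constant time. */
  static boolean verify(byte[] identifier, byte[] password, SecretKey key) throws Exception {
    return MessageDigest.isEqual(createPassword(identifier, key), password);
  }

  public static void main(String[] args) throws Exception {
    SecretKey key = generateSecret();
    // Constructed sample identifiers, not a real Hadoop token encoding.
    byte[] id = "owner=alice,renewer=yarn,seq=1".getBytes(StandardCharsets.UTF_8);
    byte[] tampered = "owner=mallory,renewer=yarn,seq=1".getBytes(StandardCharsets.UTF_8);

    byte[] password = createPassword(id, key);
    System.out.println("key bits      = " + key.getEncoded().length * 8);
    System.out.println("password bits = " + password.length * 8);
    System.out.println("valid         = " + verify(id, password, key));
    System.out.println("tampered      = " + verify(tampered, password, key));
  }
}
```

Changing `ALGORITHM` and `KEY_LENGTH_BITS` shows how the two settings independently control the key size and the size of the resulting token password.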