Jiang created ZOOKEEPER-4363:
--------------------------------
Summary: ZooKeeper digest authentication uses the insecure SHA1 algorithm.
Key: ZOOKEEPER-4363
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4363
Project: ZooKeeper
Issue Type: Improvement
Components: server
Affects Versions: 3.6.2
Reporter: Jiang
*When ZooKeeper uses digest authentication, the SHA1 encryption mode is
used to encrypt passwords. The PBKDF2 encryption algorithm is recommended.* :)
{code:java}
// DigestAuthenticationProvider.java
public static String generateDigest(String idPassword) throws NoSuchAlgorithmException {
    String[] parts = idPassword.split(":", 2);
    byte[] digest = MessageDigest.getInstance("SHA1").digest(idPassword.getBytes());
    return parts[0] + ":" + base64Encode(digest);
}
{code}
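The following is an added example, not part of the original report and not ZooKeeper code: it places the unsalted SHA1 digest quoted above beside a salted PBKDF2 form of the kind the report recommends. The class name `DigestComparison`, the `id:iterations:salt:hash` record layout, the iteration count, and the salt and key sizes are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class DigestComparison {
    // Assumed parameters for illustration; not ZooKeeper settings.
    static final int ITERATIONS = 600_000, SALT_BYTES = 16, KEY_BITS = 256;

    // Scheme from the report: one unsalted SHA1 pass over "id:password".
    static String sha1Digest(String idPassword) throws GeneralSecurityException {
        byte[] d = MessageDigest.getInstance("SHA1").digest(idPassword.getBytes(StandardCharsets.UTF_8));
        return idPassword.split(":", 2)[0] + ":" + Base64.getEncoder().encodeToString(d);
    }

    static byte[] pbkdf2(String password, byte[] salt, int iterations) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterations, KEY_BITS);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    // Hypothetical record layout: id:iterations:base64(salt):base64(hash)
    static String pbkdf2Digest(String idPassword) throws GeneralSecurityException {
        String[] parts = idPassword.split(":", 2);
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt); // fresh random salt per record
        Base64.Encoder b64 = Base64.getEncoder();
        return parts[0] + ":" + ITERATIONS + ":" + b64.encodeToString(salt) + ":"
                + b64.encodeToString(pbkdf2(parts[1], salt, ITERATIONS));
    }

    static boolean verify(String idPassword, String stored) throws GeneralSecurityException {
        String[] in = idPassword.split(":", 2);
        String[] rec = stored.split(":", 4);
        if (in.length != 2 || rec.length != 4 || !in[0].equals(rec[0])) return false;
        byte[] expected = Base64.getDecoder().decode(rec[3]);
        byte[] actual = pbkdf2(in[1], Base64.getDecoder().decode(rec[2]), Integer.parseInt(rec[1]));
        return MessageDigest.isEqual(expected, actual); // constant-time comparison
    }

    public static void main(String[] args) throws Exception {
        String cred = "alice:example-password"; // constructed sample credential
        System.out.println("sha1 repeatable: " + sha1Digest(cred).equals(sha1Digest(cred)));
        String a = pbkdf2Digest(cred), b = pbkdf2Digest(cred);
        System.out.println("pbkdf2 records differ: " + !a.equals(b));
        System.out.println("verify ok: " + verify(cred, a) + ", wrong password: " + verify("alice:wrong", a));
    }
}
```

Because the salt and iteration count are stored with each record, a change of stored format like this one also needs a migration path for digests already written to existing ACLs.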