Steve Weis created SPARK-47318: ---------------------------------- Summary: AuthEngine key exchange needs additional KDF round Key: SPARK-47318 URL: https://issues.apache.org/jira/browse/SPARK-47318 Project: Spark Issue Type: Bug Components: Security Affects Versions: 4.0.0 Reporter: Steve Weis
AuthEngine implements a bespoke [key exchange protocol |[https://github.com/apache/spark/tree/master/common/network-common/src/main/java/org/apache/spark/network/crypto]|https://github.com/apache/spark/tree/master/common/network-common/src/main/java/org/apache/spark/network/crypto].] based on the NNpsk0 Noise pattern and using X25519. The Spark code improperly uses the derived shared secret directly, which is a -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org