[jira] [Created] (SPARK-47318) AuthEngine key exchange needs additional KDF round

Steve Weis (Jira) Thu, 07 Mar 2024 09:28:04 -0800

Steve Weis created SPARK-47318:
----------------------------------

             Summary:  AuthEngine key exchange needs additional KDF round
                 Key: SPARK-47318
                 URL: https://issues.apache.org/jira/browse/SPARK-47318
             Project: Spark
          Issue Type: Bug
          Components: Security
    Affects Versions: 4.0.0
            Reporter: Steve Weis



AuthEngine implements a bespoke [key exchange protocol 
|[https://github.com/apache/spark/tree/master/common/network-common/src/main/java/org/apache/spark/network/crypto]|https://github.com/apache/spark/tree/master/common/network-common/src/main/java/org/apache/spark/network/crypto].]
 based on the NNpsk0 Noise pattern and using X25519.

The Spark code improperly uses the derived shared secret directly, which is a 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org

[jira] [Created] (SPARK-47318) AuthEngine key exchange needs additional KDF round

Reply via email to