[ https://issues.apache.org/jira/browse/SPARK-47318?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mridul Muralidharan resolved SPARK-47318. ----------------------------------------- Fix Version/s: 4.0.0 Resolution: Fixed Issue resolved by pull request 45425 [https://github.com/apache/spark/pull/45425] > AuthEngine key exchange needs additional KDF round > --------------------------------------------------- > > Key: SPARK-47318 > URL: https://issues.apache.org/jira/browse/SPARK-47318 > Project: Spark > Issue Type: Bug > Components: Security > Affects Versions: 4.0.0 > Reporter: Steve Weis > Assignee: Steve Weis > Priority: Minor > Labels: pull-request-available > Fix For: 4.0.0 > > > AuthEngine implements a bespoke [key exchange protocol > |[https://github.com/apache/spark/tree/master/common/network-common/src/main/java/org/apache/spark/network/crypto]|https://github.com/apache/spark/tree/master/common/network-common/src/main/java/org/apache/spark/network/crypto].] > based on the NNpsk0 Noise pattern and using X25519. > The Spark code improperly uses the derived shared secret directly, which is > an encoded X coordinate. This should be passed into a KDF rather than used > directly. -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org