Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-14246

Authentication Tokens should use SecureRandom instead of Random and 256 bit secrets

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.9.0
    • Fix Version/s: 2.9.0, 3.0.0-alpha4, 2.8.4, 2.7.6
    • Component/s: security
    • Labels:
      None

      Description

      RandomSignerSecretProvider and ZKSignerSecretProvider currently use a long generated by Random (which is then converted to a String and is 160 bits) for secrets.

      We should improve this to use 256 bit secrets generated by SecureRandom.

        Attachments

          Activity

            People

            • Assignee:
              rkanter Robert Kanter
              Reporter:
              rkanter Robert Kanter
            • Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: