Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-14246

Authentication Tokens should use SecureRandom instead of Random and 256 bit secrets

VotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.9.0
    • 2.9.0, 3.0.0-alpha4, 2.8.4, 2.7.6
    • security
    • None

    Description

      RandomSignerSecretProvider and ZKSignerSecretProvider currently use a long generated by Random (which is then converted to a String and is 160 bits) for secrets.

      We should improve this to use 256 bit secrets generated by SecureRandom.

      Attachments

        1. HADOOP-14246.001.patch
          16 kB
          Robert Kanter

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            rkanter Robert Kanter
            rkanter Robert Kanter
            Votes:
            0 Vote for this issue
            Watchers:
            10 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment