  1. Hadoop Map/Reduce
  2. MAPREDUCE-7189

Generating secrets for authenticating shuffle transfer is not FedRAMP compliant


Details

    • Improvement
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • job submission
    • None

    Description

      Currently, the mode of generating secrets for authenticating shuffle transfers is not FedRAMP compliant.

      See https://github.com/apache/hadoop/blob/a49cb4465e6849a4346dcfa6f4a235d6fde917d3/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/main/java/org/apache/hadoop/mapreduce/JobSubmitter.java#L177 to see the relevant sections.

      Specifically, the HMAC/SHA1 algorithm does not have the requisite key length of at least 112 bits for FedRAMP High compliance, and HMAC/SHA1 is not compliant and needs to be changed to SHA-256/HMAC instead.
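
One way to apply the change the description asks for, as an added example that is not Hadoop's code or part of the original issue: a key generator that refuses HMAC keys below the 112-bit minimum and issues a 256-bit HmacSHA256 secret instead. The class and method names, the 64-bit sample length and the sample request string are assumptions constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
public class ShuffleSecretDemo {
    static final int MIN_KEY_BITS = 112; // minimum quoted in the issue description
    // Generate an HMAC key, refusing lengths below the stated minimum.
    static SecretKey generateSecret(String algorithm, int keyBits)
            throws GeneralSecurityException {
        if (keyBits < MIN_KEY_BITS) {
            throw new GeneralSecurityException(
                algorithm + " key of " + keyBits + " bits is below " + MIN_KEY_BITS);
        }
        KeyGenerator keyGen = KeyGenerator.getInstance(algorithm);
        keyGen.init(keyBits);
        return keyGen.generateKey();
    }

    // Compute the tag with the algorithm the key was generated for.
    static byte[] sign(SecretKey key, byte[] message) throws GeneralSecurityException {
        Mac mac = Mac.getInstance(key.getAlgorithm());
        mac.init(key);
        return mac.doFinal(message);
    }

    // Recompute the tag and compare without an early exit on the first mismatch.
    static boolean verify(SecretKey key, byte[] message, byte[] tag)
            throws GeneralSecurityException {
        return MessageDigest.isEqual(sign(key, message), tag);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample request string, not taken from Hadoop.
        byte[] msg = "/mapOutput?job=job_0001&reduce=0".getBytes(StandardCharsets.UTF_8);
        try {
            generateSecret("HmacSHA1", 64); // constructed short length, assumption
        } catch (GeneralSecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        SecretKey key = generateSecret("HmacSHA256", 256);
        byte[] tag = sign(key, msg);
        System.out.println("key bits: " + key.getEncoded().length * 8);
        System.out.println("verifies: " + verify(key, msg, tag));
        tag[0] ^= 1; // a tampered tag must fail verification
        System.out.println("tampered verifies: " + verify(key, msg, tag));
    }
}
```

Both ends of a transfer have to switch algorithm together, since a tag computed with HmacSHA256 will not verify on a peer still using HmacSHA1.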

          People

            gkrishnan Gopi Krishnan Nambiar