Details
- New Feature
- Status: Resolved
- Major
- Resolution: Fixed
- 2.2.0
- None
Description
In SPARK-13331, support for AES encryption was added to the Spark network library. But the authentication of different Spark processes is still performed using SASL's DIGEST-MD5 mechanism. That means the authentication part is the weakest link; since the AES keys are currently encrypted using 3DES (the strongest cipher supported by SASL), Spark can't really claim to provide the full benefits of using AES for encryption.
We should add a new auth protocol that doesn't need these disclaimers.