ZooKeeper / ZOOKEEPER-3696

support SHA2 and SHA3 for ACL digest


    Details

      Description

      DigestAuthenticationProvider is using SHA1, which is known to be broken, e.g. recently:
      https://shattered.io/
      https://sha-mbles.github.io/
      etc...

      We should mark DigestAuthenticationProvider as deprecated at a minimum, perhaps even just remove it ASAP. The docs should also reflect this (i.e. don't use).

      We could replace DigestAuthenticationProvider with DigestAuthenticationProvider3 or similar (use SHA3, not SHA2, if we do so). Or perhaps a version that allows the user to select? Regardless, it would be good to give a simple option to the end user.


              People

              • Assignee: maoling
              • Reporter: phunt (Patrick D. Hunt)
              • Votes: 0
              • Watchers: 3

                  Time Tracking

                  Estimated: Not Specified
                  Remaining: 0h
                  Logged:
                  1h 10m
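
The ACL id that DigestAuthenticationProvider produces for the digest scheme has the form user:base64(SHA1("user:password")). The Python below is an added example, not code from the ZooKeeper project or from this issue: it builds that id with a selectable hash (the option the description asks for) and flags stored ACL ids whose digest still has SHA-1 length. The function names, the UTF-8 encoding and the sample users are assumptions.

```python
import base64
import hashlib

# Hash choices named in the issue, with digest size in bytes.
DIGEST_SIZES = {"sha1": 20, "sha256": 32, "sha3_256": 32}


def generate_digest(id_password: str, alg: str = "sha1") -> str:
    """Build the ACL id 'user:base64(hash("user:password"))'."""
    if alg not in DIGEST_SIZES:
        raise ValueError(f"unsupported algorithm: {alg}")
    user, sep, _password = id_password.partition(":")
    if not sep or not user:
        raise ValueError("expected 'user:password'")
    # The hash covers the whole 'user:password' string (UTF-8 assumed here).
    raw = hashlib.new(alg, id_password.encode("utf-8")).digest()
    return user + ":" + base64.b64encode(raw).decode("ascii")


def classify_acl_id(acl_id: str) -> str:
    """Classify a stored digest ACL id by the byte length of its hash."""
    user, sep, encoded = acl_id.rpartition(":")
    if not sep or not user:
        return "malformed"
    try:
        raw = base64.b64decode(encoded, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "malformed"
    if len(raw) == DIGEST_SIZES["sha1"]:
        return "sha1-length"
    if len(raw) == DIGEST_SIZES["sha256"]:
        return "256-bit"  # SHA-256 and SHA3-256 cannot be told apart by length
    return "unknown"


def legacy_ids(acl_ids):
    """Return the ACL ids whose digest still has SHA-1 length."""
    return [a for a in acl_ids if classify_acl_id(a) == "sha1-length"]


# Constructed sample ACL ids (hypothetical users, not from the issue).
SAMPLE_ACLS = [
    generate_digest("alice:correct horse", "sha1"),
    generate_digest("bob:battery staple", "sha256"),
    generate_digest("carol:pw:with:colons", "sha3_256"),
    "dave:not-base64!",
]

if __name__ == "__main__":
    for acl in SAMPLE_ACLS:
        print(classify_acl_id(acl), acl)
```

Because the two 256-bit hashes produce digests of the same length, a deployment that lets the user select the algorithm has to record the choice somewhere other than the digest itself.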