[HIVE-17226] Use strong hashing as security improvement - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: None
Component/s: Security
Labels:
None

Description

There have been 2 places identified where weak hashing needs to be replaced by SHA256.

1. CookieSigner.java uses MessageDigest.getInstance("SHA"). Mostly SHA is mapped to SHA-1, which is not secure enough according to today's standards. We should use SHA-256 instead.

2. GenericUDFMaskHash.java uses DigestUtils.md5Hex. MD5 is considered weak and should be replaced by DigestUtils.sha256Hex.

Attachments

Sub-Tasks

1.	Use SHA-256 for cookie signer to improve security		Closed	Tao Li
2.	Use SHA-256 for GenericUDFMaskHash to improve security		Closed	Tao Li

Activity

People

Assignee:: Tao Li

Reporter:: Tao Li

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 01/Aug/17 22:29

Updated:: 29/Sep/17 14:05

Resolved:: 15/Sep/17 22:59