  1. ZooKeeper
  2. ZOOKEEPER-3696

Support alternative algorithms for ACL digest


Details

    Description

      DigestAuthenticationProvider is using SHA1, which is known to be broken, e.g. recently:
      https://shattered.io/
      https://sha-mbles.github.io/
      etc...

      We should mark DigestAuthenticationProvider as deprecated at a minimum, perhaps even just remove it ASAP. The docs should also reflect this (i.e. don't use).

      We could replace DigestAuthenticationProvider with DigestAuthenticationProvider3 or similar (use SHA3, not SHA2, if we do so). Or perhaps a version that allows the user to select? Regardless, it would be good to give a simple option to the end user.
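
An added example, not part of the original issue and not ZooKeeper's own code: a sketch of the "user selects the algorithm" option for the digest ACL id, which has the form `user:base64(hash("user:password"))`. The class name, the `algorithm` parameter, the `matches` helper and the sample credentials are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

public class AclDigestDemo {

    // Id format of the "digest" ACL scheme: user + ":" + base64(hash("user:password")).
    // The algorithm argument is hypothetical; the existing provider always uses SHA1.
    static String generateDigest(String idPassword, String algorithm)
            throws NoSuchAlgorithmException {
        String[] parts = idPassword.split(":", 2);
        if (parts.length != 2) {
            throw new IllegalArgumentException("expected user:password");
        }
        byte[] hash = MessageDigest.getInstance(algorithm)
                .digest(idPassword.getBytes(StandardCharsets.UTF_8));
        return parts[0] + ":" + Base64.getEncoder().encodeToString(hash);
    }

    // Compare a stored ACL id with the id derived from presented credentials,
    // using MessageDigest.isEqual rather than String.equals for the comparison.
    static boolean matches(String storedAclId, String idPassword, String algorithm)
            throws NoSuchAlgorithmException {
        byte[] expected = storedAclId.getBytes(StandardCharsets.UTF_8);
        byte[] actual = generateDigest(idPassword, algorithm)
                .getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, actual);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String credentials = "alice:correct-horse"; // constructed sample value
        String sha1Id = generateDigest(credentials, "SHA-1");
        String sha3Id = generateDigest(credentials, "SHA3-256"); // needs Java 9+

        System.out.println("SHA-1 id:    " + sha1Id);
        System.out.println("SHA3-256 id: " + sha3Id);

        // An ACL written while the server hashed with SHA-1 stores sha1Id. After a
        // switch to SHA3-256 the same credentials no longer match that entry, so
        // existing digest ACLs have to be rewritten as part of any migration.
        System.out.println("old ACL, old algorithm: " + matches(sha1Id, credentials, "SHA-1"));
        System.out.println("old ACL, new algorithm: " + matches(sha1Id, credentials, "SHA3-256"));
    }
}
```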


            People

              maoling Ling Mao
              phunt Patrick D. Hunt
              Votes: 0
              Watchers: 6


                Time Tracking

                  Original Estimate: Not Specified
                  Remaining Estimate: 0h
                  Time Spent: 5h 20m