[ https://issues.apache.org/jira/browse/HADOOP-14246?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16311658#comment-16311658 ]
Robert Kanter commented on HADOOP-14246: ---------------------------------------- I can take a look later today. > Authentication Tokens should use SecureRandom instead of Random and 256 bit > secrets > ----------------------------------------------------------------------------------- > > Key: HADOOP-14246 > URL: https://issues.apache.org/jira/browse/HADOOP-14246 > Project: Hadoop Common > Issue Type: Improvement > Components: security > Affects Versions: 2.9.0 > Reporter: Robert Kanter > Assignee: Robert Kanter > Fix For: 2.9.0, 3.0.0-alpha4, 2.8.4 > > Attachments: HADOOP-14246.001.patch > > > {{RandomSignerSecretProvider}} and {{ZKSignerSecretProvider}} currently use a > {{long}} generated by {{Random}} (which is then converted to a {{String}} and > is 160 bits) for secrets. > We should improve this to use 256 bit secrets generated by {{SecureRandom}}. -- This message was sent by Atlassian JIRA (v6.4.14#64029) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org