Tao Li created HIVE-17226: ----------------------------- Summary: Use strong hashing as security improvement Key: HIVE-17226 URL: https://issues.apache.org/jira/browse/HIVE-17226 Project: Hive Issue Type: Improvement Reporter: Tao Li Assignee: Tao Li
There have been 2 places identified where weak hashing needs to be replaced by SHA256. 1. CookieSigner.java uses MessageDigest.getInstance("SHA"). Mostly SHA is mapped to SHA-1, which is not secure enough according to today's standards. We should use SHA-256 instead. 2. GenericUDFMaskHash.java uses DigestUtils.md5Hex. MD5 is considered weak and should be replaced by DigestUtils.sha256Hex. -- This message was sent by Atlassian JIRA (v6.4.14#64029)