Tao Li created HIVE-17226:
-----------------------------
Summary: Use strong hashing as security improvement
Key: HIVE-17226
URL: https://issues.apache.org/jira/browse/HIVE-17226
Project: Hive
Issue Type: Improvement
Reporter: Tao Li
Assignee: Tao Li
There have been 2 places identified where weak hashing needs to be replaced by
SHA256.
1. CookieSigner.java uses MessageDigest.getInstance("SHA"). Mostly SHA is
mapped to SHA-1, which is not secure enough according to today's standards. We
should use SHA-256 instead.
2. GenericUDFMaskHash.java uses DigestUtils.md5Hex. MD5 is considered weak and
should be replaced by DigestUtils.sha256Hex.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
