[ https://issues.apache.org/jira/browse/ZOOKEEPER-4363?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
ASF GitHub Bot updated ZOOKEEPER-4363:
--------------------------------------
Labels: pull-request-available (was: )
> ZooKeeper digest authentication uses the insecure SHA1 algorithm.
> -----------------------------------------------------------------
>
> Key: ZOOKEEPER-4363
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4363
> Project: ZooKeeper
> Issue Type: Improvement
> Components: server
> Affects Versions: 3.6.2
> Reporter: Jiang
> Priority: Major
> Labels: pull-request-available
> Time Spent: 10m
> Remaining Estimate: 0h
>
> *When ZooKeeper uses digest authentication, the SHA1 encryption mode is
> used to encrypt passwords. The PBKDF2 encryption algorithm is recommended.* :)
> {code:java}
> // DigestAuthenticationProvider.java
> public static String generateDigest(String idPassword) throws NoSuchAlgorithmException {
>     String[] parts = idPassword.split(":", 2);
>     // Single unsalted SHA1 pass over the whole "id:password" string
>     byte[] digest = MessageDigest.getInstance("SHA1").digest(idPassword.getBytes());
>     return parts[0] + ":" + base64Encode(digest);
> }
> {code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
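
The difference the report points at, as an added example that is not ZooKeeper code or the change attached to this issue: the quoted SHA1 computation beside a salted, iterated PBKDF2 form with a constant-time check. The class name, the stored-value layout, the iteration count and the use of `java.util.Base64` and UTF-8 in place of the project's `base64Encode` and default charset are assumptions made for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class DigestComparison {
    static final int ITERATIONS = 600_000; // assumed work factor, not a ZooKeeper setting

    // Same computation as the quoted generateDigest: one unsalted SHA-1 pass.
    static String sha1Digest(String idPassword) throws Exception {
        String[] parts = idPassword.split(":", 2);
        byte[] d = MessageDigest.getInstance("SHA1").digest(idPassword.getBytes(StandardCharsets.UTF_8));
        return parts[0] + ":" + Base64.getEncoder().encodeToString(d);
    }

    // PBKDF2-HMAC-SHA256 with a 256-bit output.
    static byte[] pbkdf2(char[] pw, byte[] salt, int iterations) throws Exception {
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(new PBEKeySpec(pw, salt, iterations, 256)).getEncoded();
    }

    // Hypothetical stored form: id:iterations:base64(salt):base64(hash)
    static String pbkdf2Digest(String idPassword) throws Exception {
        String[] parts = idPassword.split(":", 2);
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt); // fresh salt per credential
        byte[] hash = pbkdf2(parts[1].toCharArray(), salt, ITERATIONS);
        Base64.Encoder b64 = Base64.getEncoder();
        return parts[0] + ":" + ITERATIONS + ":" + b64.encodeToString(salt) + ":" + b64.encodeToString(hash);
    }

    // Recompute with the stored salt and iteration count, then compare in constant time.
    static boolean verify(String idPassword, String stored) throws Exception {
        String[] in = idPassword.split(":", 2);
        String[] f = stored.split(":", 4);
        if (in.length != 2 || f.length != 4 || !in[0].equals(f[0])) return false;
        byte[] actual = pbkdf2(in[1].toCharArray(), Base64.getDecoder().decode(f[2]), Integer.parseInt(f[1]));
        return MessageDigest.isEqual(Base64.getDecoder().decode(f[3]), actual);
    }

    public static void main(String[] args) throws Exception {
        String cred = "alice:example-password"; // constructed sample credential
        System.out.println("sha1 repeatable:    " + sha1Digest(cred).equals(sha1Digest(cred)));
        System.out.println("pbkdf2 repeatable:  " + pbkdf2Digest(cred).equals(pbkdf2Digest(cred)));
        System.out.println("pbkdf2 verifies:    " + verify(cred, pbkdf2Digest(cred)));
        System.out.println("wrong pw verifies:  " + verify("alice:wrong", pbkdf2Digest(cred)));
    }
}
```

Because the SHA1 form is deterministic and unsalted, identical credentials always produce identical stored digests; the PBKDF2 form stores a per-credential salt and the iteration count alongside the hash so the verifier can recompute it.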