Gopi Krishnan Nambiar created MAPREDUCE-7189: ------------------------------------------------
Summary: Generating secrets for authenticating shuffle transfer is not Fedramp compliant Key: MAPREDUCE-7189 URL: https://issues.apache.org/jira/browse/MAPREDUCE-7189 Project: Hadoop Map/Reduce Issue Type: Improvement Components: job submission Reporter: Gopi Krishnan Nambiar Currently, the mode of generating secrets for authenticating shuffle transfers is not Fedramp compliant. See [https://github.com/apache/hadoop/blob/a49cb4465e6849a4346dcfa6f4a235d6fde917d3/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/main/java/org/apache/hadoop/mapreduce/JobSubmitter.java#L177] to see the relevant sections. Specifically the HMAC/SHA1 algorithm does not have the requisite key length of at least 112 bits for Fedramp High compliance and the HMAC/SHA1 is not compliant and needs to be changed to SHA-256/HMAC instead, -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: mapreduce-dev-unsubscr...@hadoop.apache.org For additional commands, e-mail: mapreduce-dev-h...@hadoop.apache.org