[
https://issues.apache.org/jira/browse/MAPREDUCE-7189?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16786947#comment-16786947
]
Peter Bacsko commented on MAPREDUCE-7189:
-----------------------------------------
Assigning this to myself.
> Generating secrets for authenticating shuffle transfer is not Fedramp
> compliant
> -------------------------------------------------------------------------------
>
> Key: MAPREDUCE-7189
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-7189
> Project: Hadoop Map/Reduce
> Issue Type: Improvement
> Components: job submission
> Reporter: Gopi Krishnan Nambiar
> Assignee: Peter Bacsko
> Priority: Major
>
> Currently, the mode of generating secrets for authenticating shuffle
> transfers is not Fedramp compliant.
> See
> [https://github.com/apache/hadoop/blob/a49cb4465e6849a4346dcfa6f4a235d6fde917d3/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/main/java/org/apache/hadoop/mapreduce/JobSubmitter.java#L177]
> to see the relevant sections.
> Specifically the HMAC/SHA1 algorithm does not have the requisite key length
> of at least 112 bits for Fedramp High compliance and the HMAC/SHA1 is not
> compliant and needs to be changed to SHA-256/HMAC instead,
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
