Dan Burkert has posted comments on this change. Change subject: [security] Add per-connection nonce for Kerberos replay resistance ......................................................................
Patch Set 5: (3 comments) http://gerrit.cloudera.org:8080/#/c/6137/5/src/kudu/security/crypto-test.cc File src/kudu/security/crypto-test.cc: PS5, Line 247: string('\0', kNonceSize) > consider addressing this TidyBot's comment Done http://gerrit.cloudera.org:8080/#/c/6137/5/src/kudu/security/crypto.cc File src/kudu/security/crypto.cc: Line 41: const size_t kNonceSize = 8; > http://security.stackexchange.com/questions/1952/how-long-should-a-random-n Done PS5, Line 250: s->resize(kNonceSize); : OPENSSL_RET_NOT_OK(RAND_bytes(reinterpret_cast<unsigned char*>(&s->front()), s->size()), : "failed to generate nonce"); : > if you want to avoid the C++ sketchiness, why not just add a local buffer? Done -- To view, visit http://gerrit.cloudera.org:8080/6137 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-MessageType: comment Gerrit-Change-Id: If0fb433896963be5e81d349ebf3a044a458e6627 Gerrit-PatchSet: 5 Gerrit-Project: kudu Gerrit-Branch: master Gerrit-Owner: Dan Burkert <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Dan Burkert <[email protected]> Gerrit-Reviewer: Kudu Jenkins Gerrit-Reviewer: Tidy Bot Gerrit-Reviewer: Todd Lipcon <[email protected]> Gerrit-HasComments: Yes
