[jira] [Updated] (HIVE-17226) Use strong hashing as security improvement
[
https://issues.apache.org/jira/browse/HIVE-17226?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Thejas M Nair updated HIVE-17226:
-
Fix Version/s: (was: 3.0.0)
> Use strong hashing as security improvement
> --
>
> Key: HIVE-17226
> URL: https://issues.apache.org/jira/browse/HIVE-17226
> Project: Hive
> Issue Type: Improvement
> Components: Security
>Reporter: Tao Li
>Assignee: Tao Li
>
> There have been 2 places identified where weak hashing needs to be replaced
> by SHA256.
> 1. CookieSigner.java uses MessageDigest.getInstance("SHA"). Mostly SHA is
> mapped to SHA-1, which is not secure enough according to today's standards.
> We should use SHA-256 instead.
> 2. GenericUDFMaskHash.java uses DigestUtils.md5Hex. MD5 is considered weak
> and should be replaced by DigestUtils.sha256Hex.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
[jira] [Updated] (HIVE-17226) Use strong hashing as security improvement
[
https://issues.apache.org/jira/browse/HIVE-17226?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Thejas M Nair updated HIVE-17226:
-
Resolution: Fixed
Fix Version/s: 3.0.0
Status: Resolved (was: Patch Available)
> Use strong hashing as security improvement
> --
>
> Key: HIVE-17226
> URL: https://issues.apache.org/jira/browse/HIVE-17226
> Project: Hive
> Issue Type: Improvement
> Components: Security
>Reporter: Tao Li
>Assignee: Tao Li
> Fix For: 3.0.0
>
>
> There have been 2 places identified where weak hashing needs to be replaced
> by SHA256.
> 1. CookieSigner.java uses MessageDigest.getInstance("SHA"). Mostly SHA is
> mapped to SHA-1, which is not secure enough according to today's standards.
> We should use SHA-256 instead.
> 2. GenericUDFMaskHash.java uses DigestUtils.md5Hex. MD5 is considered weak
> and should be replaced by DigestUtils.sha256Hex.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
[jira] [Updated] (HIVE-17226) Use strong hashing as security improvement
[
https://issues.apache.org/jira/browse/HIVE-17226?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Thejas M Nair updated HIVE-17226:
-
Attachment: (was: HIVE-17226.1.patch)
> Use strong hashing as security improvement
> --
>
> Key: HIVE-17226
> URL: https://issues.apache.org/jira/browse/HIVE-17226
> Project: Hive
> Issue Type: Improvement
> Components: Security
>Reporter: Tao Li
>Assignee: Tao Li
> Fix For: 3.0.0
>
>
> There have been 2 places identified where weak hashing needs to be replaced
> by SHA256.
> 1. CookieSigner.java uses MessageDigest.getInstance("SHA"). Mostly SHA is
> mapped to SHA-1, which is not secure enough according to today's standards.
> We should use SHA-256 instead.
> 2. GenericUDFMaskHash.java uses DigestUtils.md5Hex. MD5 is considered weak
> and should be replaced by DigestUtils.sha256Hex.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
[jira] [Updated] (HIVE-17226) Use strong hashing as security improvement
[
https://issues.apache.org/jira/browse/HIVE-17226?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tao Li updated HIVE-17226:
--
Status: Open (was: Patch Available)
> Use strong hashing as security improvement
> --
>
> Key: HIVE-17226
> URL: https://issues.apache.org/jira/browse/HIVE-17226
> Project: Hive
> Issue Type: Improvement
> Components: Security
>Reporter: Tao Li
>Assignee: Tao Li
> Attachments: HIVE-17226.1.patch
>
>
> There have been 2 places identified where weak hashing needs to be replaced
> by SHA256.
> 1. CookieSigner.java uses MessageDigest.getInstance("SHA"). Mostly SHA is
> mapped to SHA-1, which is not secure enough according to today's standards.
> We should use SHA-256 instead.
> 2. GenericUDFMaskHash.java uses DigestUtils.md5Hex. MD5 is considered weak
> and should be replaced by DigestUtils.sha256Hex.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
[jira] [Updated] (HIVE-17226) Use strong hashing as security improvement
[
https://issues.apache.org/jira/browse/HIVE-17226?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tao Li updated HIVE-17226:
--
Status: Patch Available (was: Open)
> Use strong hashing as security improvement
> --
>
> Key: HIVE-17226
> URL: https://issues.apache.org/jira/browse/HIVE-17226
> Project: Hive
> Issue Type: Improvement
> Components: Security
>Reporter: Tao Li
>Assignee: Tao Li
> Attachments: HIVE-17226.1.patch
>
>
> There have been 2 places identified where weak hashing needs to be replaced
> by SHA256.
> 1. CookieSigner.java uses MessageDigest.getInstance("SHA"). Mostly SHA is
> mapped to SHA-1, which is not secure enough according to today's standards.
> We should use SHA-256 instead.
> 2. GenericUDFMaskHash.java uses DigestUtils.md5Hex. MD5 is considered weak
> and should be replaced by DigestUtils.sha256Hex.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
[jira] [Updated] (HIVE-17226) Use strong hashing as security improvement
[
https://issues.apache.org/jira/browse/HIVE-17226?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tao Li updated HIVE-17226:
--
Status: Patch Available (was: Open)
> Use strong hashing as security improvement
> --
>
> Key: HIVE-17226
> URL: https://issues.apache.org/jira/browse/HIVE-17226
> Project: Hive
> Issue Type: Improvement
> Components: Security
>Reporter: Tao Li
>Assignee: Tao Li
> Attachments: HIVE-17226.1.patch
>
>
> There have been 2 places identified where weak hashing needs to be replaced
> by SHA256.
> 1. CookieSigner.java uses MessageDigest.getInstance("SHA"). Mostly SHA is
> mapped to SHA-1, which is not secure enough according to today's standards.
> We should use SHA-256 instead.
> 2. GenericUDFMaskHash.java uses DigestUtils.md5Hex. MD5 is considered weak
> and should be replaced by DigestUtils.sha256Hex.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
[jira] [Updated] (HIVE-17226) Use strong hashing as security improvement
[
https://issues.apache.org/jira/browse/HIVE-17226?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tao Li updated HIVE-17226:
--
Attachment: HIVE-17226.1.patch
> Use strong hashing as security improvement
> --
>
> Key: HIVE-17226
> URL: https://issues.apache.org/jira/browse/HIVE-17226
> Project: Hive
> Issue Type: Improvement
> Components: Security
>Reporter: Tao Li
>Assignee: Tao Li
> Attachments: HIVE-17226.1.patch
>
>
> There have been 2 places identified where weak hashing needs to be replaced
> by SHA256.
> 1. CookieSigner.java uses MessageDigest.getInstance("SHA"). Mostly SHA is
> mapped to SHA-1, which is not secure enough according to today's standards.
> We should use SHA-256 instead.
> 2. GenericUDFMaskHash.java uses DigestUtils.md5Hex. MD5 is considered weak
> and should be replaced by DigestUtils.sha256Hex.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
[jira] [Updated] (HIVE-17226) Use strong hashing as security improvement
[
https://issues.apache.org/jira/browse/HIVE-17226?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tao Li updated HIVE-17226:
--
Component/s: (was: Hive)
Security
> Use strong hashing as security improvement
> --
>
> Key: HIVE-17226
> URL: https://issues.apache.org/jira/browse/HIVE-17226
> Project: Hive
> Issue Type: Improvement
> Components: Security
>Reporter: Tao Li
>Assignee: Tao Li
>
> There have been 2 places identified where weak hashing needs to be replaced
> by SHA256.
> 1. CookieSigner.java uses MessageDigest.getInstance("SHA"). Mostly SHA is
> mapped to SHA-1, which is not secure enough according to today's standards.
> We should use SHA-256 instead.
> 2. GenericUDFMaskHash.java uses DigestUtils.md5Hex. MD5 is considered weak
> and should be replaced by DigestUtils.sha256Hex.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
[jira] [Updated] (HIVE-17226) Use strong hashing as security improvement
[
https://issues.apache.org/jira/browse/HIVE-17226?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tao Li updated HIVE-17226:
--
Component/s: Hive
> Use strong hashing as security improvement
> --
>
> Key: HIVE-17226
> URL: https://issues.apache.org/jira/browse/HIVE-17226
> Project: Hive
> Issue Type: Improvement
> Components: Hive
>Reporter: Tao Li
>Assignee: Tao Li
>
> There have been 2 places identified where weak hashing needs to be replaced
> by SHA256.
> 1. CookieSigner.java uses MessageDigest.getInstance("SHA"). Mostly SHA is
> mapped to SHA-1, which is not secure enough according to today's standards.
> We should use SHA-256 instead.
> 2. GenericUDFMaskHash.java uses DigestUtils.md5Hex. MD5 is considered weak
> and should be replaced by DigestUtils.sha256Hex.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
