[jira] [Updated] (NIFI-7125) Extend SecureHasher interface to provide implementation-specific "full hash output" string representation

Andy LoPresto (Jira) Mon, 10 Feb 2020 15:27:41 -0800


     [ 
https://issues.apache.org/jira/browse/NIFI-7125?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Andy LoPresto updated NIFI-7125:
--------------------------------
    Description: 
The current {{SecureHasher}} interface only provides methods which output the 
"pure" hash of the input (in raw, hex, and Base64 encodings). There should be 
additional methods which provide the output in the "full" representation, 
including the algorithm indicator, cost parameters, and salt. 

Example: {{$2a$10$ABCDEFGHIJKLMNOPQRSTUV$<pure hash output>}}

It may be sufficient to simply output the full string representation, or a new 
POJO datatype may be necessary. The benefit of such container should be weighed 
against the need for algorithm-specific containers in the event the fields are 
not sufficiently generic.  

The interface should also provide a {{boolean matches(String input, String 
hash)}} method to determine if an existing input value matches a generated 
("full") hash output. 

  was:
The current {{SecureHasher}} interface only provides methods which output the 
"pure" hash of the input (in raw, hex, and Base64 encodings). There should be 
additional methods which provide the output in the "full" representation, 
including the algorithm indicator, cost parameters, and salt. 

Example: {{$2a$10$ABCDEFGHIJKLMNOPQRSTUV$<pure hash output>}}

It may be sufficient to simply output the full string representation, or a new 
POJO datatype may be necessary. The benefit of such container should be weighed 
against the need for algorithm-specific containers in the event the fields are 
not sufficiently generic.  


> Extend SecureHasher interface to provide implementation-specific "full hash 
> output" string representation
> ---------------------------------------------------------------------------------------------------------
>
>                 Key: NIFI-7125
>                 URL: https://issues.apache.org/jira/browse/NIFI-7125
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Core Framework, Security
>    Affects Versions: 1.11.1
>            Reporter: Andy LoPresto
>            Priority: Major
>              Labels: hashing, security
>
> The current {{SecureHasher}} interface only provides methods which output the 
> "pure" hash of the input (in raw, hex, and Base64 encodings). There should be 
> additional methods which provide the output in the "full" representation, 
> including the algorithm indicator, cost parameters, and salt. 
> Example: {{$2a$10$ABCDEFGHIJKLMNOPQRSTUV$<pure hash output>}}
> It may be sufficient to simply output the full string representation, or a 
> new POJO datatype may be necessary. The benefit of such container should be 
> weighed against the need for algorithm-specific containers in the event the 
> fields are not sufficiently generic.  
> The interface should also provide a {{boolean matches(String input, String 
> hash)}} method to determine if an existing input value matches a generated 
> ("full") hash output. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Updated] (NIFI-7125) Extend SecureHasher interface to provide implementation-specific "full hash output" string representation

Reply via email to