[jira] [Updated] (KUDU-1843) Client UUIDs should be cryptographically random
[ https://issues.apache.org/jira/browse/KUDU-1843?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Grant Henke updated KUDU-1843: -- Target Version/s: 1.13.0 (was: 1.8.0) > Client UUIDs should be cryptographically random > --- > > Key: KUDU-1843 > URL: https://issues.apache.org/jira/browse/KUDU-1843 > Project: Kudu > Issue Type: Improvement > Components: security >Affects Versions: 1.3.0 >Reporter: Todd Lipcon >Assignee: Todd Lipcon >Priority: Critical > > Currently we use boost::uuid's default random generator, which is not > cryptographically random. This may increase the ease with which an attacker > could guess another client's client ID, which would potentially allow them to > perform DoS or try to steal the results of RPCs from the result cache. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (KUDU-1843) Client UUIDs should be cryptographically random
[ https://issues.apache.org/jira/browse/KUDU-1843?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Grant Henke updated KUDU-1843: -- Target Version/s: 1.8.0 (was: 1.7.0) > Client UUIDs should be cryptographically random > --- > > Key: KUDU-1843 > URL: https://issues.apache.org/jira/browse/KUDU-1843 > Project: Kudu > Issue Type: Improvement > Components: security >Affects Versions: 1.3.0 >Reporter: Todd Lipcon >Assignee: Todd Lipcon >Priority: Critical > > Currently we use boost::uuid's default random generator, which is not > cryptographically random. This may increase the ease with which an attacker > could guess another client's client ID, which would potentially allow them to > perform DoS or try to steal the results of RPCs from the result cache. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (KUDU-1843) Client UUIDs should be cryptographically random
[ https://issues.apache.org/jira/browse/KUDU-1843?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Grant Henke updated KUDU-1843: -- Target Version/s: 1.7.0 (was: 1.4.0) > Client UUIDs should be cryptographically random > --- > > Key: KUDU-1843 > URL: https://issues.apache.org/jira/browse/KUDU-1843 > Project: Kudu > Issue Type: Improvement > Components: security >Affects Versions: 1.3.0 >Reporter: Todd Lipcon >Assignee: Todd Lipcon >Priority: Critical > > Currently we use boost::uuid's default random generator, which is not > cryptographically random. This may increase the ease with which an attacker > could guess another client's client ID, which would potentially allow them to > perform DoS or try to steal the results of RPCs from the result cache. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (KUDU-1843) Client UUIDs should be cryptographically random
[ https://issues.apache.org/jira/browse/KUDU-1843?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Todd Lipcon updated KUDU-1843: -- Code Review: https://gerrit.cloudera.org/#/c/6347/ > Client UUIDs should be cryptographically random > --- > > Key: KUDU-1843 > URL: https://issues.apache.org/jira/browse/KUDU-1843 > Project: Kudu > Issue Type: Improvement > Components: security >Affects Versions: 1.3.0 >Reporter: Todd Lipcon >Assignee: Todd Lipcon >Priority: Critical > > Currently we use boost::uuid's default random generator, which is not > cryptographically random. This may increase the ease with which an attacker > could guess another client's client ID, which would potentially allow them to > perform DoS or try to steal the results of RPCs from the result cache. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Updated] (KUDU-1843) Client UUIDs should be cryptographically random
[ https://issues.apache.org/jira/browse/KUDU-1843?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Todd Lipcon updated KUDU-1843: -- Status: In Review (was: Open) > Client UUIDs should be cryptographically random > --- > > Key: KUDU-1843 > URL: https://issues.apache.org/jira/browse/KUDU-1843 > Project: Kudu > Issue Type: Improvement > Components: security >Affects Versions: 1.3.0 >Reporter: Todd Lipcon >Assignee: Todd Lipcon >Priority: Critical > > Currently we use boost::uuid's default random generator, which is not > cryptographically random. This may increase the ease with which an attacker > could guess another client's client ID, which would potentially allow them to > perform DoS or try to steal the results of RPCs from the result cache. -- This message was sent by Atlassian JIRA (v6.3.15#6346)