[ https://issues.apache.org/jira/browse/YARN-11738?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17895838#comment-17895838 ]
ASF GitHub Bot commented on YARN-11738: --------------------------------------- szetszwo commented on PR #7144: URL: https://github.com/apache/hadoop/pull/7144#issuecomment-2458503651 @K0K0V0K , thanks for working on this! If we change the HMAC and key length, then the keys generated before this change and after this change won't be the same. Then, this become an incompatible change. We probably need to add confs to set the algorithm and key length for backward compatibility. > Modernize SecretManager config > ------------------------------ > > Key: YARN-11738 > URL: https://issues.apache.org/jira/browse/YARN-11738 > Project: Hadoop YARN > Issue Type: Improvement > Components: yarn > Affects Versions: 3.4.1 > Reporter: Bence Kosztolnik > Assignee: Bence Kosztolnik > Priority: Major > Labels: pull-request-available > > FIPS-compliant HMAC-SHA1 algorithms require secret keys to be at least 112 > bits long. > https://github.com/apache/hadoop/blob/98c2bc87b1445c533268c58d382ea4e4297303fd/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/SecretManager.java#L144 > Should be set to 128 to be FIPS compatible. -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org