[ 
https://issues.apache.org/jira/browse/YARN-11738?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17895838#comment-17895838
 ] 

ASF GitHub Bot commented on YARN-11738:
---------------------------------------

szetszwo commented on PR #7144:
URL: https://github.com/apache/hadoop/pull/7144#issuecomment-2458503651

   @K0K0V0K , thanks for working on this!  
   
   If we change the HMAC and key length, then the keys generated before this 
change and after this change won't be the same.  Then, this become an 
incompatible change.
   
   We probably need to add confs to set the algorithm and key length for 
backward compatibility.




> Modernize SecretManager config
> ------------------------------
>
>                 Key: YARN-11738
>                 URL: https://issues.apache.org/jira/browse/YARN-11738
>             Project: Hadoop YARN
>          Issue Type: Improvement
>          Components: yarn
>    Affects Versions: 3.4.1
>            Reporter: Bence Kosztolnik
>            Assignee: Bence Kosztolnik
>            Priority: Major
>              Labels: pull-request-available
>
> FIPS-compliant HMAC-SHA1 algorithms require secret keys to be at least 112 
> bits long. 
> https://github.com/apache/hadoop/blob/98c2bc87b1445c533268c58d382ea4e4297303fd/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/SecretManager.java#L144
> Should be set to 128 to be FIPS compatible.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org

Reply via email to