[jira] [Commented] (YARN-11738) Modernize SecretManager config

Wed, 20 Nov 2024 08:46:04 -0800 


    [ 
https://issues.apache.org/jira/browse/YARN-11738?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17899819#comment-17899819
 ] 

ASF GitHub Bot commented on YARN-11738:
---------------------------------------

K0K0V0K commented on code in PR #7144:
URL: https://github.com/apache/hadoop/pull/7144#discussion_r1850662681


##########
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/SecretManager.java:
##########
@@ -111,12 +117,26 @@ public void checkAvailableForRead() throws 
StandbyException {
   /**
    * The name of the hashing algorithm.
    */
+  private static final String HMAC_ALGORITHM = 
"hadoop.security.hmac-algorithm";
   private static final String DEFAULT_HMAC_ALGORITHM = "HmacSHA1";
+  private static final String SELECTED_ALGORITHM;
 
   /**
    * The length of the random keys to use.
    */
-  private static final int KEY_LENGTH = 64;
+  private static final String HMAC_LENGTH = "hadoop.security.hmac-length";
+  private static final int DEFAULT_HMAC_LENGTH = 64;
+  private static final int SELECTED_LENGTH;
+
+  static {
+    Configuration conf = new Configuration();
+    String algorithm = conf.get(HMAC_ALGORITHM, DEFAULT_HMAC_ALGORITHM);

Review Comment:
   Thanks @brumi1024!
   
   No they are not. I will add them to the core-defaults.xml





> Modernize SecretManager config
> ------------------------------
>
>                 Key: YARN-11738
>                 URL: https://issues.apache.org/jira/browse/YARN-11738
>             Project: Hadoop YARN
>          Issue Type: Improvement
>          Components: yarn
>    Affects Versions: 3.4.1
>            Reporter: Bence Kosztolnik
>            Assignee: Bence Kosztolnik
>            Priority: Major
>              Labels: pull-request-available
>
> FIPS-compliant HMAC-SHA1 algorithms require secret keys to be at least 112 
> bits long. 
> https://github.com/apache/hadoop/blob/98c2bc87b1445c533268c58d382ea4e4297303fd/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/SecretManager.java#L144
> Should be set to 128 to be FIPS compatible.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org

Reply via email to