hadoop-common-issues mailing list archives

From "Wangda Tan (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HADOOP-15235) Authentication Tokens should use HMAC instead of MAC
Date Mon, 19 Mar 2018 18:26:03 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-15235?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Wangda Tan updated HADOOP-15235:
    Fix Version/s: 3.1.0

> Authentication Tokens should use HMAC instead of MAC
> ----------------------------------------------------
>                 Key: HADOOP-15235
>                 URL: https://issues.apache.org/jira/browse/HADOOP-15235
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 2.10.0, 3.2.0
>            Reporter: Robert Kanter
>            Assignee: Robert Kanter
>            Priority: Major
>             Fix For: 3.1.0, 2.10.0, 3.2.0
>         Attachments: HADOOP-15235.001.patch, HADOOP-15235.002.patch
>
> We currently use {{MessageDigest}} to compute a "SHA" MAC for signing Authentication
> Tokens.  Firstly, what "SHA" maps to is dependent on the JVM and Cryptography Provider.  While
> they _should_ do something reasonable, it's probably a safer idea to pick a specific algorithm.
> It looks like the Oracle JVM picks SHA-1; though something like SHA-256 would be better.
>
> In any case, it would also be better to use an HMAC algorithm instead.
>
> Changing from SHA-1 to SHA-256 or MAC to HMAC won't generate equivalent signatures, so
> this would normally be an incompatible change because the server wouldn't accept previous
> tokens it issued with the older algorithm.  However, Authentication Tokens are used as a cheaper
> shortcut for Kerberos, so it's expected for users to also have Kerberos credentials; in this
> case, the Authentication Token will be rejected, but it will silently retry using Kerberos,
> and get an updated token.  So this should all be transparent to the user.
>
> And finally, the code where we verify a signature uses a non-constant-time comparison,
> which could be subject to timing attacks.  I believe it would be quite difficult in this case
> to do so, but we're probably better off using a constant-time comparison.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org
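The three concerns in the issue description above (a provider-dependent "SHA" digest used as a MAC, a plain digest instead of an HMAC, and a non-constant-time signature comparison) side by side with the corrected form, as an added illustration. This is not Hadoop's Signer code and not the attached patch; the class and method names, the "&s=" separator, the token string and the secret are all constructed for the example. It uses only standard JCA calls: `MessageDigest.getInstance`, `Mac.getInstance("HmacSHA256")` and `MessageDigest.isEqual` for the time-independent comparison.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class TokenSigningDemo {
    // Hypothetical separator between the token payload and its signature.
    static final String SIGNATURE = "&s=";

    // "Before": digest(token || secret) with the provider-dependent name "SHA".
    static String legacySign(byte[] secret, String token) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA");   // whatever the provider maps "SHA" to
        md.update(token.getBytes(StandardCharsets.UTF_8));
        md.update(secret);
        return Base64.getEncoder().encodeToString(md.digest());
    }

    static boolean legacyVerify(byte[] secret, String signed) throws NoSuchAlgorithmException {
        int idx = signed.lastIndexOf(SIGNATURE);
        if (idx < 0) return false;
        String token = signed.substring(0, idx);
        String sig = signed.substring(idx + SIGNATURE.length());
        // String.equals returns at the first differing character: the comparison time
        // depends on how many leading bytes of the forged signature are correct.
        return legacySign(secret, token).equals(sig);
    }

    // "After": keyed HMAC with an explicit algorithm name.
    static String hmacSign(byte[] secret, String token) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret, "HmacSHA256"));
        return Base64.getEncoder().encodeToString(mac.doFinal(token.getBytes(StandardCharsets.UTF_8)));
    }

    static boolean hmacVerify(byte[] secret, String signed) throws GeneralSecurityException {
        int idx = signed.lastIndexOf(SIGNATURE);
        if (idx < 0) return false;
        String token = signed.substring(0, idx);
        byte[] presented;
        try {
            presented = Base64.getDecoder().decode(signed.substring(idx + SIGNATURE.length()));
        } catch (IllegalArgumentException malformed) {
            return false;   // not valid Base64: reject without touching the key
        }
        byte[] expected = Base64.getDecoder().decode(hmacSign(secret, token));
        // MessageDigest.isEqual compares all bytes regardless of where they differ.
        return MessageDigest.isEqual(expected, presented);
    }

    public static void main(String[] args) throws Exception {
        byte[] secret = "not-a-real-secret".getBytes(StandardCharsets.UTF_8);   // constructed
        // Constructed token payload; the real layout is not reproduced here.
        String token = "u=alice&p=alice@EXAMPLE.COM&t=kerberos&e=1521484800000";

        // Show what the unqualified name "SHA" resolved to on this JVM: 20 bytes means SHA-1.
        MessageDigest sha = MessageDigest.getInstance("SHA");
        System.out.println("\"SHA\" from provider " + sha.getProvider().getName()
                + " produces " + sha.getDigestLength() + "-byte digests");

        String legacyToken = token + SIGNATURE + legacySign(secret, token);
        String hmacToken = token + SIGNATURE + hmacSign(secret, token);

        System.out.println("legacy verifier accepts legacy token: " + legacyVerify(secret, legacyToken));
        // The algorithm change is what makes old tokens invalid; a client holding one
        // has to fall back to its Kerberos credentials and obtain a fresh token.
        System.out.println("HMAC verifier accepts legacy token:   " + hmacVerify(secret, legacyToken));
        System.out.println("HMAC verifier accepts new token:      " + hmacVerify(secret, hmacToken));

        String tampered = hmacToken.replace("u=alice", "u=mallory");
        System.out.println("HMAC verifier accepts tampered token: " + hmacVerify(secret, tampered));
    }
}
```

Compile and run with `javac TokenSigningDemo.java && java TokenSigningDemo`. The second output line is the compatibility point from the issue: the new verifier rejects every token issued under the old scheme, which is acceptable only because the caller can re-authenticate with Kerberos and get a re-signed token. Deriving the key with `SecretKeySpec` rather than appending the secret to the message also means the key is processed through HMAC's inner and outer padding rather than concatenated into a single hash input.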
