ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Endre Kovacs (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (RANGER-1644) Change the default Crypt Algo to use stronger cryptographic algo.
Date Tue, 07 Nov 2017 16:33:00 GMT

    [ https://issues.apache.org/jira/browse/RANGER-1644?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16242320#comment-16242320

Endre Kovacs commented on RANGER-1644:

Hi [~bosco]

# no, user passwors are *not* affected by this code change, only service user's passwords.
AFAIK regular, non-service user passwords are only hashed by org.apache.ranger.biz.UserMgr.encrypt(String,
# un-affected
# Other places this decryption is taking place (besides the already mentioned service create
and service update) are:
* various places at ranger plugins: 
** org.apache.ranger.plugin.client.BaseClient.login() to obtain loginSubject if kerberos is
** to programmatically log in using HTTPBasicAuth from ranger plugins (eg.: AtlasClient#getStatusResponse,
KnoxClient#getTopologyList, ServiceSolarClient#getCollection|Cores|FieldsList) to GET|POST
plugin specific data from the given component's rest api

for a complete list of affected places, see usage of method org.apache.ranger.plugin.util.PasswordUtils.decryptPassword(String)

Best regards,

> Change the default Crypt Algo to use stronger cryptographic algo. 
> ------------------------------------------------------------------
>                 Key: RANGER-1644
>                 URL: https://issues.apache.org/jira/browse/RANGER-1644
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>            Reporter: Selvamohan Neethiraj
>            Assignee: Endre Kovacs
>            Priority: Critical
>         Attachments: 0001-RANGER-1644-replacing-MD5-DES-with-SHA512-AES128.patch
> Change the default crypt algorithm to use a stronger cipher algorithm

This message was sent by Atlassian JIRA

View raw message