hadoop-mapreduce-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gopi Krishnan Nambiar (JIRA)" <j...@apache.org>
Subject [jira] [Created] (MAPREDUCE-7189) Generating secrets for authenticating shuffle transfer is not Fedramp compliant
Date Fri, 01 Mar 2019 20:05:00 GMT
Gopi Krishnan Nambiar created MAPREDUCE-7189:
------------------------------------------------

             Summary: Generating secrets for authenticating shuffle transfer is not Fedramp
compliant
                 Key: MAPREDUCE-7189
                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-7189
             Project: Hadoop Map/Reduce
          Issue Type: Improvement
          Components: job submission
            Reporter: Gopi Krishnan Nambiar


Currently, the mode of generating secrets for authenticating shuffle transfers is not Fedramp
compliant. 

See [https://github.com/apache/hadoop/blob/a49cb4465e6849a4346dcfa6f4a235d6fde917d3/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/main/java/org/apache/hadoop/mapreduce/JobSubmitter.java#L177] to
see the relevant sections.

Specifically the HMAC/SHA1 algorithm does not have the requisite key length of at least 112
bits for Fedramp High compliance and the HMAC/SHA1 is not compliant and needs to be changed
to SHA-256/HMAC instead,



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: mapreduce-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: mapreduce-dev-help@hadoop.apache.org


Mime
View raw message