[ 
https://issues.apache.org/jira/browse/HIVE-17226?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16111758#comment-16111758
 ] 

Andrew Sherman commented on HIVE-17226:
---------------------------------------

Hi [~taoli-hwx] I have no idea, sorry. That's why I'm asking, in the hope of 
learning something. 

> Use strong hashing as security improvement
> ------------------------------------------
>
>                 Key: HIVE-17226
>                 URL: https://issues.apache.org/jira/browse/HIVE-17226
>             Project: Hive
>          Issue Type: Improvement
>          Components: Security
>            Reporter: Tao Li
>            Assignee: Tao Li
>
> There have been 2 places identified where weak hashing needs to be replaced 
> by SHA256.
> 1. CookieSigner.java uses MessageDigest.getInstance("SHA"). Mostly SHA is 
> mapped to SHA-1, which is not secure enough according to today's standards. 
> We should use SHA-256 instead.
> 2. GenericUDFMaskHash.java uses DigestUtils.md5Hex. MD5 is considered weak 
> and should be replaced by DigestUtils.sha256Hex.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to