Posted to dev@zookeeper.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2018/11/22 16:19:00 UTC

[jira] [Created] (ZOOKEEPER-3197) Improve documentation in ZooKeeperServer.superSecret

Colm O hEigeartaigh created ZOOKEEPER-3197:
----------------------------------------------

             Summary: Improve documentation in ZooKeeperServer.superSecret
                 Key: ZOOKEEPER-3197
                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3197
             Project: ZooKeeper
          Issue Type: Task
            Reporter: Colm O hEigeartaigh


A security scan flagged the use of a hard-coded secret (ZooKeeperServer.superSecret) in conjunction with a Java Random instance to generate a password:

byte[] generatePasswd(long id) {
    Random r = new Random(id ^ superSecret);
    byte p[] = new byte[16];
    r.nextBytes(p);
    return p;
}

superSecret has the following javadoc:

 /**
   * This is the secret that we use to generate passwords, for the moment it
   * is more of a sanity check.
   */

It is unclear from this comment and looking at the code why it is not a security risk. It would be good to update the javadoc along the lines of "Using a hard-coded secret with Random to generate passwords is not a security risk because the resulting passwords are used for X and not for authentication"; something like that would be very helpful for anyone else looking at the code.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
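
The property the scan reacts to, shown as an added example that is not part of the original message or of ZooKeeper's code: a java.util.Random seeded with id ^ constant produces bytes that are a pure function of the id and the constant. The class name, the placeholder constant, the sample id and the SecureRandom comparison are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Random;

public class SeededPasswordDemo {
    // Constructed placeholder, NOT the value of ZooKeeperServer.superSecret.
    static final long PLACEHOLDER_SECRET = 0x1122334455667788L;

    // Same shape as the generatePasswd(long id) quoted in the issue, with the
    // constant passed in so the dependency on it is explicit.
    static byte[] generatePasswd(long id, long secret) {
        // java.util.Random keeps 48 bits of state and is fully determined by
        // its seed, so the 16 bytes below follow from id and secret alone.
        Random r = new Random(id ^ secret);
        byte[] p = new byte[16];
        r.nextBytes(p);
        return p;
    }

    // Hypothetical comparison only: bytes from a CSPRNG cannot be recomputed
    // from the id, so a server using them would have to store them.
    static byte[] randomPasswd(SecureRandom rng) {
        byte[] p = new byte[16];
        rng.nextBytes(p);
        return p;
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    public static void main(String[] args) {
        long id = 0x0100000000000001L; // constructed sample id
        byte[] first = generatePasswd(id, PLACEHOLDER_SECRET);
        // Any code that knows the id and the constant derives the same bytes.
        byte[] recomputed = generatePasswd(id, PLACEHOLDER_SECRET);
        System.out.println("seeded     : " + hex(first));
        System.out.println("recomputed : " + hex(recomputed));
        System.out.println("identical  : " + Arrays.equals(first, recomputed));

        SecureRandom rng = new SecureRandom();
        byte[] a = randomPasswd(rng);
        byte[] b = randomPasswd(rng);
        System.out.println("csprng a   : " + hex(a));
        System.out.println("csprng b   : " + hex(b));
        System.out.println("identical  : " + Arrays.equals(a, b));
    }
}
```

Whether that determinism matters depends on what the generated bytes are relied on for, which is the point the requested javadoc would need to state.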