Posted to dev@zookeeper.apache.org by "Jiang (Jira)" <ji...@apache.org> on 2021/09/01 08:45:00 UTC
[jira] [Created] (ZOOKEEPER-4363) ZooKeeper digest authentication uses the insecure SHA1 algorithm.
Jiang created ZOOKEEPER-4363:
--------------------------------
Summary: ZooKeeper digest authentication uses the insecure SHA1 algorithm.
Key: ZOOKEEPER-4363
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4363
Project: ZooKeeper
Issue Type: Improvement
Components: server
Affects Versions: 3.6.2
Reporter: Jiang
*When ZooKeeper uses digest authentication, the SHA1 encryption mode is used to encrypt passwords. The PBKDF2 encryption algorithm is recommended.* :)
{code:java}
// DigestAuthenticationProvider.java
public static String generateDigest(String idPassword) throws NoSuchAlgorithmException {
    String[] parts = idPassword.split(":", 2);
    // Unsalted, single-pass SHA1 over the whole "id:password" string
    byte[] digest = MessageDigest.getInstance("SHA1").digest(idPassword.getBytes());
    return parts[0] + ":" + base64Encode(digest);
}
{code}
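The following is an added example, not part of the original report and not ZooKeeper code. It places the digest construction quoted in the issue beside a salted PBKDF2 record of the kind the reporter recommends. The class and method names, the iteration count, and the `user:iterations:salt:hash` record layout are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added example, not ZooKeeper code. Names and the record layout
// "user:iterations:salt:hash" are assumptions made for illustration.
public class DigestComparison {
    static final int ITERATIONS = 210_000; // assumed work factor; tune per deployment

    // Same construction as the quoted generateDigest: one unsalted SHA-1 pass,
    // so identical credentials always produce an identical stored value.
    static String legacyDigest(String idPassword) throws GeneralSecurityException {
        byte[] d = MessageDigest.getInstance("SHA1")
                .digest(idPassword.getBytes(StandardCharsets.UTF_8));
        return idPassword.split(":", 2)[0] + ":" + Base64.getEncoder().encodeToString(d);
    }

    static byte[] pbkdf2(char[] pw, byte[] salt, int iterations) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(pw, salt, iterations, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    // Random per-credential salt; salt and iteration count are stored with the hash.
    static String pbkdf2Record(String user, char[] pw) throws GeneralSecurityException {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        Base64.Encoder b64 = Base64.getEncoder();
        return user + ":" + ITERATIONS + ":" + b64.encodeToString(salt) + ":"
                + b64.encodeToString(pbkdf2(pw, salt, ITERATIONS));
    }

    static boolean verify(String record, char[] pw) throws GeneralSecurityException {
        String[] f = record.split(":");
        if (f.length != 4) return false;
        byte[] derived = pbkdf2(pw, Base64.getDecoder().decode(f[2]), Integer.parseInt(f[1]));
        return MessageDigest.isEqual(Base64.getDecoder().decode(f[3]), derived); // constant-time
    }

    public static void main(String[] args) throws GeneralSecurityException {
        System.out.println(legacyDigest("alice:secret")); // deterministic: no salt involved
        String rec = pbkdf2Record("alice", "secret".toCharArray()); // constructed sample credential
        System.out.println(rec);                           // salted: unique per call
        System.out.println(verify(rec, "secret".toCharArray()) + " " + verify(rec, "wrong".toCharArray()));
    }
}
```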