You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "Andy LoPresto (Jira)" <ji...@apache.org> on 2020/02/10 23:27:00 UTC
[jira] [Updated] (NIFI-7125) Extend SecureHasher interface to
provide implementation-specific "full hash output" string representation
[ https://issues.apache.org/jira/browse/NIFI-7125?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andy LoPresto updated NIFI-7125:
--------------------------------
Description:
The current {{SecureHasher}} interface only provides methods which output the "pure" hash of the input (in raw, hex, and Base64 encodings). There should be additional methods which provide the output in the "full" representation, including the algorithm indicator, cost parameters, and salt.
Example: {{$2a$10$ABCDEFGHIJKLMNOPQRSTUV$<pure hash output>}}
It may be sufficient to simply output the full string representation, or a new POJO datatype may be necessary. The benefit of such container should be weighed against the need for algorithm-specific containers in the event the fields are not sufficiently generic.
The interface should also provide a {{boolean matches(String input, String hash)}} method to determine if an existing input value matches a generated ("full") hash output.
was:
The current {{SecureHasher}} interface only provides methods which output the "pure" hash of the input (in raw, hex, and Base64 encodings). There should be additional methods which provide the output in the "full" representation, including the algorithm indicator, cost parameters, and salt.
Example: {{$2a$10$ABCDEFGHIJKLMNOPQRSTUV$<pure hash output>}}
It may be sufficient to simply output the full string representation, or a new POJO datatype may be necessary. The benefit of such container should be weighed against the need for algorithm-specific containers in the event the fields are not sufficiently generic.
> Extend SecureHasher interface to provide implementation-specific "full hash output" string representation
> ---------------------------------------------------------------------------------------------------------
>
> Key: NIFI-7125
> URL: https://issues.apache.org/jira/browse/NIFI-7125
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core Framework, Security
> Affects Versions: 1.11.1
> Reporter: Andy LoPresto
> Priority: Major
> Labels: hashing, security
>
> The current {{SecureHasher}} interface only provides methods which output the "pure" hash of the input (in raw, hex, and Base64 encodings). There should be additional methods which provide the output in the "full" representation, including the algorithm indicator, cost parameters, and salt.
> Example: {{$2a$10$ABCDEFGHIJKLMNOPQRSTUV$<pure hash output>}}
> It may be sufficient to simply output the full string representation, or a new POJO datatype may be necessary. The benefit of such container should be weighed against the need for algorithm-specific containers in the event the fields are not sufficiently generic.
> The interface should also provide a {{boolean matches(String input, String hash)}} method to determine if an existing input value matches a generated ("full") hash output.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)