Pac4jSessionStore: Update Salt Size #15758

Merged
abhishekagarwal87 merged 2 commits into apache:master from pagrawal10:pagrawal/updateSaltSize
Jan 25, 2024

@pagrawal10 pagrawal10 commented Jan 25, 2024

As part of becoming FIPS compliant, we are seeing this error: `salt must be at least 128 bits` when we run the Druid code against FIPS-compliant cryptographic security providers.
This PR fixes the salt size used in Pac4jSessionStore.java.

Description

Salting refers to adding random data to a hash function to obtain a unique output which refers to the hash. Even when the same input is used, it is possible to obtain different and unique hashes. These hashes aim to strengthen security, protect against dictionary attacks, brute-force attacks, and several others. Very short salts are easier to attack and breach, thereby compromising your password.

Fixed the bug ...

Salt size while invoking CryptoService must be at least 128 bits.

Renamed the class

None

Added a forbidden-apis entry ...

None

Release note



This PR has:

  • been self-reviewed.
  • added documentation for new or modified features or behaviors.
  • a release note entry in the PR description.
  • added Javadocs for most classes and all non-trivial methods. Linked related entities via Javadoc links.
  • added or updated version, license, or notice information in licenses.yaml
  • added comments explaining the "why" and the intent of the code wherever would not be obvious for an unfamiliar reader.
  • added unit tests or modified existing tests to cover new code paths, ensuring the threshold for code coverage is met.
  • added integration tests.
  • been tested in a test Druid cluster.

@abhishekagarwal87 abhishekagarwal87 merged commit ed6df26 into apache:master Jan 25, 2024
@adarshsanjeev adarshsanjeev added this to the 30.0.0 milestone May 6, 2024
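
The 128-bit minimum from the error message above, shown as an added example that is not code from this PR or from Druid. The class name `SaltSizeDemo`, the choice of PBKDF2 with HMAC-SHA256, the iteration count and the key length are assumptions made for illustration; the explicit length check stands in for the validation a FIPS-compliant provider performs.

```java
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical demo class; not part of Druid.
public class SaltSizeDemo {
    static final int MIN_SALT_BITS = 128;  // minimum quoted in the error message
    static final int ITERATIONS = 10_000;  // assumed value, for illustration only
    static final int KEY_BITS = 256;       // assumed value, for illustration only

    // Generate a fresh random salt of the requested size.
    static byte[] newSalt(int sizeBytes) {
        byte[] salt = new byte[sizeBytes];
        new SecureRandom().nextBytes(salt);
        return salt;
    }

    // Derive a key, refusing short salts up front instead of relying on
    // whichever security provider happens to be installed.
    static byte[] deriveKey(char[] passphrase, byte[] salt) throws GeneralSecurityException {
        if (salt.length * 8 < MIN_SALT_BITS) {
            throw new IllegalArgumentException("salt must be at least " + MIN_SALT_BITS + " bits");
        }
        PBEKeySpec spec = new PBEKeySpec(passphrase, salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                                   .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();
        }
    }

    public static void main(String[] args) throws Exception {
        char[] passphrase = "constructed-sample-passphrase".toCharArray(); // constructed input
        try {
            deriveKey(passphrase, newSalt(8)); // 64-bit salt: below the minimum
        } catch (IllegalArgumentException e) {
            System.out.println("8-byte salt rejected: " + e.getMessage());
        }
        // Same passphrase, two independent 128-bit salts: the derived keys differ.
        byte[] k1 = deriveKey(passphrase, newSalt(16));
        byte[] k2 = deriveKey(passphrase, newSalt(16));
        System.out.println("16-byte salts accepted; keys differ: " + !Arrays.equals(k1, k2));
    }
}
```

The default JDK provider accepts the shorter salt without complaint, so a unit test on the salt length catches a regression before the code reaches a FIPS-compliant environment.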