accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Christopher Tubbs (JIRA)" <>
Subject [jira] [Updated] (ACCUMULO-4737) Clean up cipher algorithm configuration
Date Fri, 10 Nov 2017 14:11:00 GMT


Christopher Tubbs updated ACCUMULO-4737:
    Fix Version/s: 2.0.0

> Clean up cipher algorithm configuration
> ---------------------------------------
>                 Key: ACCUMULO-4737
>                 URL:
>             Project: Accumulo
>          Issue Type: Improvement
>            Reporter: Nick Felts
>            Assignee: Nick Felts
>            Priority: Minor
>              Labels: pull-request-available
>             Fix For: 2.0.0
>          Time Spent: 2.5h
>  Remaining Estimate: 0h
> The two property options:
>   crypto.cipher.suite
> are not used intuitively. For example, as far as I can tell, the only place the cipher
suite's algorithm name is used is to check for NullCipher. I even tested this using bogus
strings to confirm. Instead, once the suite is found to not indicate NullCipher, the
replaces the algorithm found in the cipher suite for all further uses.
> Further, the suite is parsed out into padding and mode options, which only exist to pass
a few unit tests and reconstruct the cipher suite using the other specified algorithm.
> This leads to some unintuitive behavior, where someone specifying an algorithm in the
cipher suite is not necessarily using their intended algorithm, unless both options specified
the the same algorithm.
> To clean this up, the algorithm specified should be renamed and used for key generation,
since some keys can be used across different algorithms (,
and the cipher suite can be used as stated, instead of deconstructing it to then reconstruct

This message was sent by Atlassian JIRA

View raw message