cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Blake Eggleston (JIRA)" <>
Subject [jira] [Created] (CASSANDRA-11810) IV misuse in hints encryption
Date Mon, 16 May 2016 15:53:12 GMT
Blake Eggleston created CASSANDRA-11810:

             Summary: IV misuse in hints encryption
                 Key: CASSANDRA-11810
             Project: Cassandra
          Issue Type: Bug
            Reporter: Blake Eggleston
            Assignee: Jason Brown
             Fix For: 3.7

Encrypted hint files share iv values between encrypted chunks. The cipher should be reinitialized
with a new iv for each discrete piece of data it encrypts, otherwise it gives attackers something
to compare between chunks of data. Also, some cipher configurations don't support initialization
vectors ('AES/ECB/NoPadding'), so some logic should be added to determine if the cipher should
be initialized with an iv.

This message was sent by Atlassian JIRA

View raw message