cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ben Bromhead (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CASSANDRA-9633) Add ability to encrypt sstables
Date Thu, 17 Nov 2016 23:54:58 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-9633?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15675196#comment-15675196
] 

Ben Bromhead commented on CASSANDRA-9633:
-----------------------------------------

ok, sounds great! Thanks for the hard work on this patch :) 

though If I could put in a minor (very small) request that compression is off by default/user
configurable. 

I wouldn't be comfortable with compression before encryption as it creates another avenue
where it is possible to leak information and increase the possibility of a CRIME style attack.
I know the accepted wisdom used to be that you should compress before you encrypt, as this
is the only way to reduce the size of what you encrypt, but it has since been proven to reduce
the security of the chosen encryption scheme.

If a user understands the added risk or it is unlikely an attacker would have control over
the plain text then they can opt in to using compression. 

> Add ability to encrypt sstables
> -------------------------------
>
>                 Key: CASSANDRA-9633
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-9633
>             Project: Cassandra
>          Issue Type: New Feature
>            Reporter: Jason Brown
>            Assignee: Jason Brown
>              Labels: encryption, security, sstable
>             Fix For: 3.x
>
>
> Add option to allow encrypting of sstables.
> I have a version of this functionality built on cassandra 2.0 that piggy-backs on the
existing sstable compression functionality and ICompressor interface (similar in nature to
what DataStax Enterprise does). However, if we're adding the feature to the main OSS product,
I'm not sure if we want to use the pluggable compression framework or if it's worth investigating
a different path. I think there's a lot of upside in reusing the sstable compression scheme,
but perhaps add a new component in cqlsh for table encryption and a corresponding field in
CFMD.
> Encryption configuration in the yaml can use the same mechanism as CASSANDRA-6018 (which
is currently pending internal review).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message