hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Yi Liu (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HADOOP-10734) Implementation of true secure random with high performance using hardware random number generator.
Date Tue, 08 Jul 2014 06:12:34 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-10734?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Yi Liu updated HADOOP-10734:

    Attachment: HADOOP-10734.3.patch

Thanks [~cmccabe] for review. I update the patch for your comments.

I was just suggesting looping until they're not equal. This catches the case where it's always
returning a constant value (it will timeout). So I don't see why we "need to assert something."
OK, I see. I update them in the new patch.

This is still wrong. If you don't want to use gettid, you can use some code like this:
After discussion with you, I have further looked into Openssl implementation. You are right,
Openssl just requires distinct ids for different threads(It compares locking thread id with
thread id got from callback to decide whether lock for operations). So both the two approaches
you suggested are good, I prefer gettid. 
In the new patch, I make syscall for SYS_gettid.

> Implementation of true secure random with high performance using hardware random number
> --------------------------------------------------------------------------------------------------
>                 Key: HADOOP-10734
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10734
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: security
>    Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134)
>            Reporter: Yi Liu
>            Assignee: Yi Liu
>             Fix For: fs-encryption (HADOOP-10150 and HDFS-6134)
>         Attachments: HADOOP-10734.1.patch, HADOOP-10734.2.patch, HADOOP-10734.3.patch,
> This JIRA is to implement Secure random using JNI to OpenSSL, and implementation should
be thread-safe.
> Utilize RdRand to return random numbers from hardware random number generator. It's TRNG(True
Random Number generators) having much higher performance than {{java.security.SecureRandom}}.

> https://wiki.openssl.org/index.php/Random_Numbers
> http://en.wikipedia.org/wiki/RdRand
> https://software.intel.com/en-us/articles/performance-impact-of-intel-secure-key-on-openssl

This message was sent by Atlassian JIRA

View raw message