hadoop-common-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ranadip Chatterjee <ranadi...@gmail.com>
Subject Re: Encryption At Rest Question
Date Sat, 21 Feb 2015 07:42:13 GMT
In case of SSL enabled cluster, the DEK will be encrypted on the wire by
the SSL layer.

In case of non-SSL enabled cluster, it is not. But the intercepter only
gets the DEK and not the encrypted data, so the data is still safe. Only if
the intercepter also manages to gain access to the encrypted data block and
associate that with the corresponding DEK, then the data is compromised.
Given that each HDFS file has a different DEK, the intercepter has to gain
quite a bit of access before the data is compromised.

On 18 February 2015 at 00:04, Plamen Jeliazkov <
plamen.jeliazkov@wandisco.com> wrote:

> Hey guys,
>
> I had a question about how the new file encryption work done primarily in
> HDFS-6134.
>
> I was just curious, how is the DEK protected on the wire?
> Particularly after the KMS decrypts the EDEK and returns it to the client.
>
> Thanks,
> -Plamen
>
>
>
> 5 reasons your Hadoop needs WANdisco
> <http://www.wandisco.com/system/files/documentation/5-Reasons.pdf>
>
> Listed on the London Stock Exchange: WAND
> <http://www.bloomberg.com/quote/WAND:LN>
>
> THIS MESSAGE AND ANY ATTACHMENTS ARE CONFIDENTIAL, PROPRIETARY, AND MAY BE
> PRIVILEGED.  If this message was misdirected, WANdisco, Inc. and its
> subsidiaries, ("WANdisco") does not waive any confidentiality or
> privilege.  If you are not the intended recipient, please notify us
> immediately and destroy the message without disclosing its contents to
> anyone.  Any distribution, use or copying of this e-mail or the information
> it contains by other than an intended recipient is unauthorized.  The views
> and opinions expressed in this e-mail message are the author's own and may
> not reflect the views and opinions of WANdisco, unless the author is
> authorized by WANdisco to express such views or opinions on its behalf.
> All email sent to or from this address is subject to electronic storage and
> review by WANdisco.  Although WANdisco operates anti-virus programs, it
> does not accept responsibility for any damage whatsoever caused by viruses
> being passed.
>



-- 
Regards,
Ranadip Chatterjee

Mime
View raw message