hbase-issues mailing list archives

From "Andrew Purtell (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-10065) Stronger validation of key unwrapping
Date Tue, 03 Dec 2013 06:57:45 GMT

    [ https://issues.apache.org/jira/browse/HBASE-10065?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13837409#comment-13837409 ]

Andrew Purtell commented on HBASE-10065:
----------------------------------------

Patch passes local tests and IntegrationTestIngestWithEncryption.

> Stronger validation of key unwrapping
> -------------------------------------
>
>                 Key: HBASE-10065
>                 URL: https://issues.apache.org/jira/browse/HBASE-10065
>             Project: HBase
>          Issue Type: Improvement
>            Reporter: Andrew Purtell
>            Assignee: Andrew Purtell
>            Priority: Minor
>             Fix For: 0.98.0
>
>         Attachments: 10065.patch
>
>
> In EncryptionUtil#unwrapKey we use a CRC32 to validate the successful unwrapping of a
> data key. I chose a CRC32 to limit overhead. There is only a 1 in 2^32 chance of a random
> collision, low enough to be extremely unlikely. However, I was talking with my colleague Jerry
> Chen today about this. A cryptographic hash would lower the probability to essentially zero
> and we are only wrapping data keys once per HColumnDescriptor and once per HFile, saving a
> few bytes here and there only really. Might as well use the SHA of the data key and in addition
> consider running AES in GCM mode to cover that hash as additional authenticated data.



--
This message was sent by Atlassian JIRA
(v6.1#6144)
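
The scheme proposed in the issue description above (a SHA digest of the data key, covered by AES-GCM as additional authenticated data), as an added example that is not taken from 10065.patch or from HBase's EncryptionUtil. The class name `WrapDemo`, the blob layout, and the choice of SHA-256 with a 12-byte IV are assumptions made for illustration.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;

// Hypothetical sketch. Assumed blob layout: iv(12) | sha256(dataKey)(32) | ciphertext+tag
public class WrapDemo {
  static final SecureRandom RNG = new SecureRandom();

  static byte[] wrap(byte[] master, byte[] dataKey) throws Exception {
    byte[] iv = new byte[12];
    RNG.nextBytes(iv); // fresh IV per wrap; GCM must never reuse an IV under one key
    byte[] hash = MessageDigest.getInstance("SHA-256").digest(dataKey);
    Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
    c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(master, "AES"), new GCMParameterSpec(128, iv));
    c.updateAAD(hash); // digest is authenticated by the GCM tag but stored in the clear
    byte[] ct = c.doFinal(dataKey);
    byte[] out = new byte[44 + ct.length];
    System.arraycopy(iv, 0, out, 0, 12);
    System.arraycopy(hash, 0, out, 12, 32);
    System.arraycopy(ct, 0, out, 44, ct.length);
    return out;
  }

  static byte[] unwrap(byte[] master, byte[] blob) throws Exception {
    byte[] hash = Arrays.copyOfRange(blob, 12, 44);
    Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
    c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(master, "AES"), new GCMParameterSpec(128, blob, 0, 12));
    c.updateAAD(hash);
    // Throws AEADBadTagException if the master key is wrong or any byte of the blob changed
    byte[] key = c.doFinal(blob, 44, blob.length - 44);
    // Second check, taking the place of the CRC32 comparison: constant-time digest compare
    if (!MessageDigest.isEqual(hash, MessageDigest.getInstance("SHA-256").digest(key)))
      throw new java.security.KeyException("data key digest mismatch");
    return key;
  }

  public static void main(String[] args) throws Exception {
    byte[] master = new byte[16], other = new byte[16], dataKey = new byte[16];
    RNG.nextBytes(master); RNG.nextBytes(other); RNG.nextBytes(dataKey); // constructed sample keys
    byte[] blob = wrap(master, dataKey);
    System.out.println("round trip ok: " + Arrays.equals(dataKey, unwrap(master, blob)));
    try { unwrap(other, blob); System.out.println("wrong master key accepted"); }
    catch (AEADBadTagException e) { System.out.println("wrong master key rejected"); }
    blob[20] ^= 1; // flip one bit of the stored digest
    try { unwrap(master, blob); System.out.println("tampered digest accepted"); }
    catch (AEADBadTagException e) { System.out.println("tampered digest rejected"); }
  }
}
```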
