hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ramkrishna.s.vasudevan (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-16414) Improve performance for RPC encryption with Apache Common Crypto
Date Tue, 18 Oct 2016 04:28:58 GMT

    [ https://issues.apache.org/jira/browse/HBASE-16414?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15584410#comment-15584410
] 

ramkrishna.s.vasudevan commented on HBASE-16414:
------------------------------------------------

[~apurtell], [~apurtell]
All comments from [~Apache9] also has been addressed wrt to Netty clients. Do you have some
comments now?
There are two +1s. But its better you can check this once as this is related to security before
this is commited. Thank you.

> Improve performance for RPC encryption with Apache Common Crypto
> ----------------------------------------------------------------
>
>                 Key: HBASE-16414
>                 URL: https://issues.apache.org/jira/browse/HBASE-16414
>             Project: HBase
>          Issue Type: Improvement
>          Components: IPC/RPC
>    Affects Versions: 2.0.0
>            Reporter: Colin Ma
>            Assignee: Colin Ma
>         Attachments: HBASE-16414.001.patch, HBASE-16414.002.patch, HBASE-16414.003.patch,
HBASE-16414.004.patch, HBASE-16414.005.patch, HBASE-16414.006.patch, HBASE-16414.007.patch,
HBASE-16414.008.patch, HBASE-16414.009.patch, HbaseRpcEncryptionWithCrypoto.docx
>
>
> Hbase RPC encryption is enabled by setting “hbase.rpc.protection” to "privacy". With
the token authentication, it utilized DIGEST-MD5 mechanisms for secure authentication and
data protection. For DIGEST-MD5, it uses DES, 3DES or RC4 to do encryption and it is very
slow, especially for Scan. This will become the bottleneck of the RPC throughput.
> Apache Commons Crypto is a cryptographic library optimized with AES-NI. It provides Java
API for both cipher level and Java stream level. Developers can use it to implement high performance
AES encryption/decryption with the minimum code and effort. Compare with the current implementation
of org.apache.hadoop.hbase.io.crypto.aes.AES, Crypto supports both JCE Cipher and OpenSSL
Cipher which is better performance than JCE Cipher. User can configure the cipher type and
the default is JCE Cipher.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message