ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Endre Kovacs (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (RANGER-1644) Change the default Crypt Algo to use stronger cryptographic algo.
Date Sat, 16 Dec 2017 09:57:00 GMT

    [ https://issues.apache.org/jira/browse/RANGER-1644?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16293740#comment-16293740
] 

Endre Kovacs commented on RANGER-1644:
--------------------------------------

as I revisited this patch, I realized, that my patch presumes JDK8 with all the good/strong
PBE algorithms.
after making sure that i am using a java 7, and ran the tests I got: 
{code}
Cannot find any provider supporting PBEWITHHMACSHA512ANDAES_128
{code}
meanwhile running it with JAVA 8 gave me no errors.
checking the docs for java security (https://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html#SunJCEProvider),
it turned out that PBEWithMD5AndDES are the best option on Java 7 for *P*assword*B*ased*E*ncryption.

meanwhile in JAVA 8 the docs (https://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html#SunJCEProvider)
shows quite a few PBE algorithms that are more secure.
{code}
PBEWithHmacSHA1AndAES_128
PBEWithHmacSHA224AndAES_128
PBEWithHmacSHA256AndAES_128
PBEWithHmacSHA384AndAES_128
PBEWithHmacSHA512AndAES_128
PBEWithHmacSHA1AndAES_256
PBEWithHmacSHA224AndAES_256
PBEWithHmacSHA256AndAES_256
PBEWithHmacSHA384AndAES_256
PBEWithHmacSHA512AndAES_256
{code}

thus my question arise: should we impose the requirement of JDK8 (and possibly installing
of  JCE Unlimited Strength Jurisdiction Policy Files for even stronger key length support)
or not impose JDK8, stay with JDK7 where there is no stronger PBE algorithm, and close this
ticket, until JDK8 is required for running ranger, where we have access all the good/strong
algorithms?

> Change the default Crypt Algo to use stronger cryptographic algo. 
> ------------------------------------------------------------------
>
>                 Key: RANGER-1644
>                 URL: https://issues.apache.org/jira/browse/RANGER-1644
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>            Reporter: Selvamohan Neethiraj
>            Assignee: Endre Kovacs
>            Priority: Critical
>             Fix For: 1.0.0
>
>         Attachments: 0001-RANGER-1644-replacing-MD5-DES-with-SHA512-AES128.patch
>
>
> Change the default crypt algorithm to use a stronger cipher algorithm



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message