ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Endre Kovacs (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (RANGER-1644) Change the default Crypt Algo to use stronger cryptographic algo.
Date Sat, 16 Dec 2017 09:57:00 GMT

    [ https://issues.apache.org/jira/browse/RANGER-1644?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16293740#comment-16293740

Endre Kovacs commented on RANGER-1644:

as I revisited this patch, I realized, that my patch presumes JDK8 with all the good/strong
PBE algorithms.
after making sure that i am using a java 7, and ran the tests I got: 
Cannot find any provider supporting PBEWITHHMACSHA512ANDAES_128
meanwhile running it with JAVA 8 gave me no errors.
checking the docs for java security (https://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html#SunJCEProvider),
it turned out that PBEWithMD5AndDES are the best option on Java 7 for *P*assword*B*ased*E*ncryption.

meanwhile in JAVA 8 the docs (https://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html#SunJCEProvider)
shows quite a few PBE algorithms that are more secure.

thus my question arise: should we impose the requirement of JDK8 (and possibly installing
of  JCE Unlimited Strength Jurisdiction Policy Files for even stronger key length support)
or not impose JDK8, stay with JDK7 where there is no stronger PBE algorithm, and close this
ticket, until JDK8 is required for running ranger, where we have access all the good/strong

> Change the default Crypt Algo to use stronger cryptographic algo. 
> ------------------------------------------------------------------
>                 Key: RANGER-1644
>                 URL: https://issues.apache.org/jira/browse/RANGER-1644
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>            Reporter: Selvamohan Neethiraj
>            Assignee: Endre Kovacs
>            Priority: Critical
>             Fix For: 1.0.0
>         Attachments: 0001-RANGER-1644-replacing-MD5-DES-with-SHA512-AES128.patch
> Change the default crypt algorithm to use a stronger cipher algorithm

This message was sent by Atlassian JIRA

View raw message