Return-Path: <issues-return-36870-archive-asf-public=cust-asf.ponee.io@nifi.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id 32AA3200D0E
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Tue, 26 Sep 2017 19:28:05 +0200 (CEST)
Received: by cust-asf.ponee.io (Postfix)
	id 3118C1609C4; Tue, 26 Sep 2017 17:28:05 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id 7738C1609D7
	for <archive-asf-public@cust-asf.ponee.io>; Tue, 26 Sep 2017 19:28:04 +0200 (CEST)
Received: (qmail 67122 invoked by uid 500); 26 Sep 2017 17:28:03 -0000
Mailing-List: contact issues-help@nifi.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:issues-help@nifi.apache.org>
List-Unsubscribe: <mailto:issues-unsubscribe@nifi.apache.org>
List-Post: <mailto:issues@nifi.apache.org>
List-Id: <issues.nifi.apache.org>
Reply-To: dev@nifi.apache.org
Delivered-To: mailing list issues@nifi.apache.org
Received: (qmail 67113 invoked by uid 99); 26 Sep 2017 17:28:03 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 26 Sep 2017 17:28:03 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 34CB8182642
	for <issues@nifi.apache.org>; Tue, 26 Sep 2017 17:28:03 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: -100.002
X-Spam-Level: 
X-Spam-Status: No, score=-100.002 tagged_above=-999 required=6.31
	tests=[RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001,
	USER_IN_WHITELIST=-100] autolearn=disabled
Received: from mx1-lw-us.apache.org ([10.40.0.8])
	by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024)
	with ESMTP id ssB3hFVtvhHh for <issues@nifi.apache.org>;
	Tue, 26 Sep 2017 17:28:01 +0000 (UTC)
Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139])
	by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTP id EAA9C61263
	for <issues@nifi.apache.org>; Tue, 26 Sep 2017 17:28:00 +0000 (UTC)
Received: from jira-lw-us.apache.org (unknown [207.244.88.139])
	by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id 6B2C8E0373
	for <issues@nifi.apache.org>; Tue, 26 Sep 2017 17:28:00 +0000 (UTC)
Received: from jira-lw-us.apache.org (localhost [127.0.0.1])
	by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id 2EC7F24232
	for <issues@nifi.apache.org>; Tue, 26 Sep 2017 17:28:00 +0000 (UTC)
Date: Tue, 26 Sep 2017 17:28:00 +0000 (UTC)
From: "Jeff Storck (JIRA)" <jira@apache.org>
To: issues@nifi.apache.org
Message-ID: <JIRA.13023951.1480391852000.206886.1506446880188@Atlassian.JIRA>
In-Reply-To: <JIRA.13023951.1480391852000@Atlassian.JIRA>
References: <JIRA.13023951.1480391852000@Atlassian.JIRA> <JIRA.13023951.1480391852072@jira-lw-us.apache.org>
Subject: [jira] [Commented] (NIFI-3116) Remove Jasypt library
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394
archived-at: Tue, 26 Sep 2017 17:28:05 -0000


    [ https://issues.apache.org/jira/browse/NIFI-3116?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16181187#comment-16181187 ] 

Jeff Storck commented on NIFI-3116:
-----------------------------------

Updated fix version to 1.4.0 and will be including these changes into RC2 of 1.4.0.

> Remove Jasypt library
> ---------------------
>
>                 Key: NIFI-3116
>                 URL: https://issues.apache.org/jira/browse/NIFI-3116
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Core Framework
>    Affects Versions: 1.1.0
>            Reporter: Andy LoPresto
>            Assignee: Andy LoPresto
>              Labels: encryption, kdf, pbe, security
>             Fix For: 1.4.0
>
>
> The [Jasypt|http://www.jasypt.org/index.html] library is used internally by NiFi for String encryption operations (specifically password-based encryption (PBE) in {{EncryptContent}} and sensitive processor property protection). I feel there are a number of reasons to remove this library from NiFi and provide centralized symmetric encryption operations using Java cryptographic primitives (and BouncyCastle features where necessary). 
> * The library was last updated February 25, 2014. For comparison, BouncyCastle has been [updated 5 times|https://www.bouncycastle.org/releasenotes.html] since then
> * {{StandardPBEStringEncryptor}}, the high-level class wrapped by NiFi's {{StringEncryptor}} is final. This makes it, and features relying on it, difficult to test in isolation
> * Jasypt encapsulates many decisions about {{Cipher}} configuration, specifically salt-generation strategy. This can be a valuable feature for pluggable libraries, but is less than ideal when dealing with encryption and key derivation, which are in constant struggle with evolving attacks and improving hardware. There are hard-coded constants which are not compatible with better decisions available now (i.e. requiring custom implementations of the {{SaltGenerator}} interface to provide new derivations). The existence of these values was opaque to NiFi and led to serious compatibility issues [NIFI-1259], [NIFI-1257], [NIFI-1242], [NIFI-1463], [NIFI-1465], [NIFI-3024]
> * {{StringEncryptor}}, the NiFi class wrapping {{StandardPBEStringEncryptor}} is also final and does not expose methods to instantiate it with only the relevant values (i.e. {{algorithm}}, {{provider}}, and {{password}}) but rather requires an entire {{NiFiProperties}} instance. 
> * {{StringEncryptor.createEncryptor()}} performs an unnecessary "validation check" on instantiation, which was one cause of reported issues where a secure node/cluster blocks on startup on VMs due to lack of entropy in {{/dev/random}}
> * The use of custom salts with PBE means that the internal {{Cipher}} object must be re-created and initialized and the key re-derived from the password on every decryption call. Symmetric keyed encryption with a strong KDF (order of magnitude higher iterations of a stronger algorithm) and unique initialization vector (IV) values would be substantially more resistant to brute force attacks and yet more performant at scale. 
> I have already implemented backwards-compatible code to perform the actions of symmetric key encryption using keys derived from passwords in both the {{ConfigEncryptionTool}} and {{OpenSSLPKCS5CipherProvider}} and {{NiFiLegacyCipherProvider}} classes, which empirical tests confirm are compatible with the Jasypt output. 
> Additional research on some underlying/related issues:
> * [Why does Java allow AES-256 bit encryption on systems without JCE unlimited strength policies if using PBE?|https://security.stackexchange.com/questions/107321/why-does-java-allow-aes-256-bit-encryption-on-systems-without-jce-unlimited-stre]
> * [How To Decrypt OpenSSL-encrypted Data In Apache NiFi|https://community.hortonworks.com/articles/5319/how-to-decrypt-openssl-encrypted-data-in-apache-ni.html]
> * [dev@nifi.apache.org "Passwords in EncryptContent"|https://lists.apache.org/thread.html/b93ced98eff6a77dd0a2a2f0b5785ef42a3b02de2cee5c17607a8c49@%3Cdev.nifi.apache.org%3E]



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)