[
https://issues.apache.org/jira/browse/HADOOP-14780?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16133303#comment-16133303
]
Xiao Chen commented on HADOOP-14780:
------------------------------------
Also [~jojochuang]'s [comment from
HADOOP-14705|https://issues.apache.org/jira/browse/HADOOP-14705?focusedCommentId=16131776&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-16131776]
{quote}
On another jira, Rushabh S Shah mentioned a possibility to reuse CryptoCodec
(making it a member variable of DefaultCryptoExtension). Is there any security
concerns? If it is reused, and if CryptoCodec uses SecureRandom, the random
numbers generated in DefaultCryptoExtension#generateEncryptedKey may become
predictable. I don't come with a security background, but I am thinking it
could be exploitable.
{quote}
> Investigate and move shared resources to member variables on
> DefaultCryptoExtension
> -----------------------------------------------------------------------------------
>
> Key: HADOOP-14780
> URL: https://issues.apache.org/jira/browse/HADOOP-14780
> Project: Hadoop Common
> Issue Type: Improvement
> Components: kms
> Affects Versions: 2.6.0
> Reporter: Xiao Chen
> Assignee: Xiao Chen
>
> See
> [comments|https://issues.apache.org/jira/browse/HADOOP-14779?focusedCommentId=16129260&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-16129260]
> on HADOOP-14779.
> It would be optimal to use a member var for CryptoCodec, and potentially
> Encryptor / Decryptor.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
