[
https://issues.apache.org/jira/browse/HADOOP-14780?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16133362#comment-16133362
]
Xiao Chen commented on HADOOP-14780:
------------------------------------
From [~shahrs87]:
{quote}
If it is reused, and if CryptoCodec uses SecureRandom, the random numbers
generated in DefaultCryptoExtension#generateEncryptedKey may become predictable.
That's a good question and a valid security concern.
As far as {{DefaultCryptoExtension#generateEncryptedKey}} is concerned, here is
the workflow to generate {{secureRandom}} bytes.
{{DefaultCryptoExtension#generateEncryptedKey(String encryptionKeyName)}} -->
{{OpensslAesCtrCryptoCodec#generateSecureRandom(byte[] bytes)}} -->
{{OsSecureRandom#nextBytes(byte[] bytes)}} -->
{{OsSecureRandom.fillReservoir(int min)}}.
All {{OsSecureRandom#fillReservoir(int min)}} does is read random bytes from
{{/dev/urandom}}.
{code:title=OsSecureRandom.java|borderStyle=solid}
private void fillReservoir(int min) {
  if (pos >= reservoir.length - min) {
    try {
      if (stream == null) {
        stream = new FileInputStream(new File(randomDevPath)); // randomDevPath = /dev/urandom
      }
      IOUtils.readFully(stream, reservoir, 0, reservoir.length);
    } catch (IOException e) {
      throw new RuntimeException("failed to fill reservoir", e);
    }
    pos = 0;
  }
}
{code}
The whole workflow assumes we take default values from
{{hadoop.security.secure.random.impl}},
{{hadoop.security.random.device.file.path}} and
{{hadoop.security.crypto.cipher.suite}}
{quote}
> Investigate and move shared resources to member variables on
> DefaultCryptoExtension
> -----------------------------------------------------------------------------------
>
> Key: HADOOP-14780
> URL: https://issues.apache.org/jira/browse/HADOOP-14780
> Project: Hadoop Common
> Issue Type: Improvement
> Components: kms
> Affects Versions: 2.6.0
> Reporter: Xiao Chen
> Assignee: Xiao Chen
>
> See
> [comments|https://issues.apache.org/jira/browse/HADOOP-14779?focusedCommentId=16129260&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-16129260]
> on HADOOP-14779.
> It would be optimal to use a member var for CryptoCodec, and potentially
> Encryptor / Decryptor.
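The workflow in the comment above ends in a reservoir refilled from /dev/urandom; the stand-alone class below is an added example, not Hadoop's code and not from the commenters, that mimics that pattern and goes one step further by sharing a single instance across threads. The class name, the 8192-byte reservoir size, the locking and the assumption that a member-variable instance would be called from several threads are all illustrative.

```java
import java.io.DataInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.util.Base64;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration of a shared reservoir; not Hadoop's OsSecureRandom.
public class SharedReservoirDemo {
    private static final String RANDOM_DEV_PATH = "/dev/urandom"; // path named in the comment
    private final byte[] reservoir = new byte[8192];              // constructed size
    private int pos = reservoir.length;                           // nothing buffered yet
    // One lock covers refill and cursor: each buffered byte goes to exactly one caller.
    public synchronized void nextBytes(byte[] out) {
        for (int off = 0; off < out.length; ) {
            if (pos == reservoir.length) refill();
            int n = Math.min(out.length - off, reservoir.length - pos);
            System.arraycopy(reservoir, pos, out, off, n);
            pos += n;
            off += n;
        }
    }

    private void refill() {
        try (DataInputStream in = new DataInputStream(new FileInputStream(RANDOM_DEV_PATH))) {
            in.readFully(reservoir); // fresh kernel CSPRNG output
            pos = 0;
        } catch (IOException e) {
            throw new RuntimeException("failed to fill reservoir", e);
        }
    }

    public static void main(String[] args) throws InterruptedException {
        SharedReservoirDemo shared = new SharedReservoirDemo(); // stands in for the member variable
        Set<String> seen = ConcurrentHashMap.newKeySet();
        Thread[] workers = new Thread[8];
        for (int t = 0; t < workers.length; t++) {
            workers[t] = new Thread(() -> {
                for (int i = 0; i < 1000; i++) {
                    byte[] key = new byte[16];
                    shared.nextBytes(key);
                    seen.add(Base64.getEncoder().encodeToString(key));
                }
            });
            workers[t].start();
        }
        for (Thread w : workers) w.join();
        System.out.println("distinct values: " + seen.size() + " of 8000");
    }
}
```

Without the lock on nextBytes, two threads can copy the same span of the reservoir before either advances pos, which is the way reuse of such an instance could hand out repeated bytes.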