[
https://issues.apache.org/jira/browse/HADOOP-14780?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16133366#comment-16133366
]
Xiao Chen commented on HADOOP-14780:
------------------------------------
Also posting [~andrew.wang]'s pointer to a good read:
https://www.2uo.de/myths-about-urandom/
I think one way to balance security and efficiency is we cache the crypto codec
and decryptor for decrypt / re-encrypt, but keep generate the same way - since
the random generator is only used when {{generateEncryptedKey}}.
> Investigate and move shared resources to member variables on
> DefaultCryptoExtension
> -----------------------------------------------------------------------------------
>
> Key: HADOOP-14780
> URL: https://issues.apache.org/jira/browse/HADOOP-14780
> Project: Hadoop Common
> Issue Type: Improvement
> Components: kms
> Affects Versions: 2.6.0
> Reporter: Xiao Chen
> Assignee: Xiao Chen
>
> See
> [comments|https://issues.apache.org/jira/browse/HADOOP-14779?focusedCommentId=16129260&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-16129260]
> on HADOOP-14779.
> It would be optimal to use a member var for CryptoCodec, and potentially
> Encryptor / Decryptor.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
