dineshchitlangia commented on a change in pull request #1362: HDDS-2014. Create
Symmetric Key for GDPR
URL: https://github.com/apache/hadoop/pull/1362#discussion_r319267418
##########
File path:
hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/OzoneConsts.java
##########
@@ -312,4 +312,13 @@ private OzoneConsts() {
public static final int S3_BUCKET_MIN_LENGTH = 3;
public static final int S3_BUCKET_MAX_LENGTH = 64;
+ //GDPR
+ public static final String GDPR_ALGORITHM_NAME = "AES";
+ public static final int GDPR_RANDOM_SECRET_LENGTH = 32;
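Review bot: GDPR_RANDOM_SECRET_LENGTH = 32 carries no unit, so the constant alone does not say whether it means 32 characters, 32 bytes or 32 bits. Add a comment stating the unit and how the secret maps to the AES key size, or put the unit in the name. The bare "AES" in GDPR_ALGORITHM_NAME likewise names no mode or padding. The hunk does not show where the string is used, but if it is passed to Cipher.getInstance the mode falls to the provider default, so spell out the full transformation at the point where the cipher is created. The "//GDPR" marker would also be more useful as a short comment saying what these constants are for.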
Review comment:
1. Why 32 bytes long?
Random Secret Length is 32 characters. I think you mistook it as the size of
the key.
Given 1 char = 8 bits, 32 chars make up 256 bits.
2. Why AES?
Short answer: AES is trusted within the US NSA for sharing top
secret/security information which means this algorithm is vetted for highest
security clearance!
Long Answer: Breaking a symmetric 256-bit key by brute force requires 2^128
times more computational power than a 128-bit key.
Fifty supercomputers that could check a billion billion (10^18) AES keys per
second (if such a device exists) would, in theory, require about 3×(10^51)
years to exhaust the 256-bit key space. That said, every cryptography algorithm
gets broken eventually; AES seems good for the foreseeable future :)
Aside from this, I will still file a Jira to make the length/algorithm
configurable at cluster level.