Md Mahir Asef Kabir created RANGER-3173:
-------------------------------------------

             Summary: PBEParameterSpec has < 1000 iteration
                 Key: RANGER-3173
                 URL: https://issues.apache.org/jira/browse/RANGER-3173
             Project: Ranger
          Issue Type: Improvement
          Components: Ranger
            Reporter: Md Mahir Asef Kabir


In file 
[https://github.com/apache/ranger/blob/71e1dd40366c8eb8e9c498b0b5158d85d603af02/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java]
 (at Line 311), PBEParameterSpec has been initialized with an iteration count of < 1000.

*Security Impact*:

An iteration count of < 1000 makes it vulnerable to dictionary attacks.

*Useful resource*:
https://cryptosense.com/blog/parameter-choice-for-pbkdf2

*Solution we suggest*:

Iteration count should be at least 1000

*Please share with us your opinions/comments if there are any*:

Is the bug report helpful?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
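
The following is an added example, not part of the original report and not Ranger's code: it shows password-based encryption with `PBEParameterSpec` that refuses an iteration count below the 1000 floor suggested above and stores the count with the ciphertext so it can be raised later. The class name, the blob layout, the algorithm `PBEWithHmacSHA256AndAES_128` and the sample password are assumptions made for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import java.nio.ByteBuffer;
import java.security.SecureRandom;

public class PbeIterationExample {
    static final String ALG = "PBEWithHmacSHA256AndAES_128"; // assumption: not necessarily the algorithm Ranger uses
    static final int MIN_ITERATIONS = 1000;                   // floor suggested in the report
    static final int SALT_LEN = 16, IV_LEN = 16;

    // Builds the cipher; every encrypt and decrypt path goes through the iteration-count check.
    static Cipher cipher(int mode, char[] password, byte[] salt, byte[] iv, int iterations) throws Exception {
        if (iterations < MIN_ITERATIONS)
            throw new IllegalArgumentException("iteration count " + iterations + " is below " + MIN_ITERATIONS);
        SecretKey key = SecretKeyFactory.getInstance(ALG).generateSecret(new PBEKeySpec(password));
        Cipher c = Cipher.getInstance(ALG);
        c.init(mode, key, new PBEParameterSpec(salt, iterations, new IvParameterSpec(iv)));
        return c;
    }

    // Blob layout (constructed for this example): iterations(4 bytes) | salt | iv | ciphertext
    static byte[] seal(char[] password, byte[] plaintext, int iterations) throws Exception {
        SecureRandom rng = new SecureRandom();
        byte[] salt = new byte[SALT_LEN], iv = new byte[IV_LEN];
        rng.nextBytes(salt);
        rng.nextBytes(iv);
        byte[] ct = cipher(Cipher.ENCRYPT_MODE, password, salt, iv, iterations).doFinal(plaintext);
        return ByteBuffer.allocate(4 + SALT_LEN + IV_LEN + ct.length)
                .putInt(iterations).put(salt).put(iv).put(ct).array();
    }

    // Reads the count, salt and IV back from the blob, so entries written with different counts stay readable.
    static byte[] unseal(char[] password, byte[] blob) throws Exception {
        ByteBuffer in = ByteBuffer.wrap(blob);
        int iterations = in.getInt();
        byte[] salt = new byte[SALT_LEN], iv = new byte[IV_LEN];
        in.get(salt).get(iv);
        byte[] ct = new byte[in.remaining()];
        in.get(ct);
        return cipher(Cipher.DECRYPT_MODE, password, salt, iv, iterations).doFinal(ct);
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "constructed-sample-password".toCharArray(); // constructed sample input
        byte[] blob = seal(pw, "sample key material".getBytes("UTF-8"), 10_000);
        System.out.println(new String(unseal(pw, blob), "UTF-8"));
    }
}
```

Because the count travels with each blob, a deployment can raise it for new entries without losing the ability to read entries sealed earlier.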