[jira] [Created] (RANGER-3174) Weak Cryptographic Algorithm and hash function used for PBE encryption

Ying Zhang (Jira) Sat, 06 Feb 2021 09:55:04 -0800

Ying Zhang created RANGER-3174:
----------------------------------

             Summary: Weak Cryptographic Algorithm and hash function used for 
PBE encryption
                 Key: RANGER-3174
                 URL: https://issues.apache.org/jira/browse/RANGER-3174
             Project: Ranger
          Issue Type: Improvement
          Components: kms
            Reporter: Ying Zhang



PBEWithMD5AndTripleDES is used in the file 
/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java line 310 

*Security impact*: 

MD5 is a deprecated hash algorithm and DES also not recommend for symmetric 
encryption. The use of a broken or risky cryptographic algorithm is an 
unnecessary risk that may result in the exposure of sensitive information.

Useful resources: [https://cwe.mitre.org/data/definitions/327.html]

*suggestions*:

According to the 
[https://tools.ietf.org/html/rfc2898.|https://tools.ietf.org/html/rfc2898,] 
PBKDF2 is highly recommended while doing PBE encryption 

*Please share with us your opinions/comments if there is any:*

Is the bug report helpful? 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Created] (RANGER-3174) Weak Cryptographic Algorithm and hash function used for PBE encryption

Reply via email to