[ https://issues.apache.org/jira/browse/RANGER-3174?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17895508#comment-17895508 ]
Vikas Kumar commented on RANGER-3174:
-------------------------------------

[~madhan], [~bpatel], [~dhavalshah9131], [~spolavarapu], please review this PR. Thanks.

> Weak Cryptographic Algorithm and hash function used for PBE encryption
> ----------------------------------------------------------------------
>
>                 Key: RANGER-3174
>                 URL: https://issues.apache.org/jira/browse/RANGER-3174
>             Project: Ranger
>          Issue Type: Improvement
>          Components: kms
>            Reporter: Vicky Zhang
>            Assignee: Vikas Kumar
>            Priority: Major
>
> PBEWithMD5AndTripleDES is used in the file
> /kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java line 310
>
> *Security impact*:
> MD5 is a deprecated hash algorithm and DES is also not recommended for symmetric
> encryption. The use of a broken or risky cryptographic algorithm is an
> unnecessary risk that may result in the exposure of sensitive information.
> Useful resources: [https://cwe.mitre.org/data/definitions/327.html]
>
> *Suggestions*:
> According to [https://tools.ietf.org/html/rfc2898],
> PBKDF2 is highly recommended while doing PBE encryption
>
> *Please share with us your opinions/comments if there is any:*
> Is the bug report helpful?

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
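
The following is an added example, not part of the original message and not Ranger's code: it rewraps a blob protected with the PBEWithMD5AndTripleDES scheme named in the report under a PBKDF2-based JCE scheme, as the report suggests. The class name, the choice of PBEWithHmacSHA512AndAES_128, both iteration counts, and the sample password and data are assumptions made for illustration.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class PbeRewrapExample {
    static final String LEGACY = "PBEWithMD5AndTripleDES";     // algorithm named in the report
    static final String PBES2 = "PBEWithHmacSHA512AndAES_128"; // assumption: a PBKDF2-based JCE scheme
    static final int LEGACY_ITERATIONS = 1000;                 // assumption: illustrative value
    static final int PBES2_ITERATIONS = 210_000;               // assumption: tune to your hardware

    // Derives the key from the password and runs one encrypt or decrypt pass.
    static byte[] pbe(String alg, int mode, char[] password, PBEParameterSpec params, byte[] input)
            throws Exception {
        PBEKeySpec keySpec = new PBEKeySpec(password);
        try {
            SecretKey key = SecretKeyFactory.getInstance(alg).generateSecret(keySpec);
            Cipher cipher = Cipher.getInstance(alg);
            cipher.init(mode, key, params);
            return cipher.doFinal(input);
        } finally {
            keySpec.clearPassword(); // wipe the spec's internal copy of the password
        }
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rng = new SecureRandom();
        char[] password = "constructed-sample-password".toCharArray();               // constructed
        byte[] secret = "constructed key material".getBytes(StandardCharsets.UTF_8); // constructed

        // Existing blob: MD5-based key derivation, 8-byte salt, Triple DES.
        byte[] oldSalt = new byte[8];
        rng.nextBytes(oldSalt);
        PBEParameterSpec oldParams = new PBEParameterSpec(oldSalt, LEGACY_ITERATIONS);
        byte[] oldBlob = pbe(LEGACY, Cipher.ENCRYPT_MODE, password, oldParams, secret);

        // Rewrap: decrypt once with the legacy scheme, re-encrypt with PBKDF2-HMAC-SHA512 and AES-CBC.
        byte[] recovered = pbe(LEGACY, Cipher.DECRYPT_MODE, password, oldParams, oldBlob);
        byte[] salt = new byte[16], iv = new byte[16];
        rng.nextBytes(salt);
        rng.nextBytes(iv);
        PBEParameterSpec newParams = new PBEParameterSpec(salt, PBES2_ITERATIONS, new IvParameterSpec(iv));
        byte[] newBlob = pbe(PBES2, Cipher.ENCRYPT_MODE, password, newParams, recovered);

        // Salt, IV and iteration count are not secret; they must be stored beside the new blob.
        byte[] check = pbe(PBES2, Cipher.DECRYPT_MODE, password, newParams, newBlob);
        System.out.println("round trip ok: " + Arrays.equals(secret, check));
    }
}
```

The PBES2 cipher here runs AES in CBC mode, which provides confidentiality only; a store that must detect tampering needs a separate integrity check over the stored blob and its parameters.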