[ https://issues.apache.org/jira/browse/RANGER-5388?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18035519#comment-18035519 ]
Dhaval Shah commented on RANGER-5388:
-------------------------------------
Committed into Apache master: https://github.com/apache/ranger/commit/4008d962a3e8d940305a79fb83123f8d028d4982
Thanks
> Actual calculated salt size should be updated into the DB
> ---------------------------------------------------------
>
> Key: RANGER-5388
> URL: https://issues.apache.org/jira/browse/RANGER-5388
> Project: Ranger
> Issue Type: Task
> Components: kms
> Reporter: Vikas Kumar
> Assignee: Vikas Kumar
> Priority: Major
> Fix For: 3.0.0
>
> Time Spent: 40m
> Remaining Estimate: 0h
>
> In a FIPS-enabled cluster, FIPS providers (like BouncyCastle) require that
> the salt size being used be at least 128 bits, that is, at least 16 in length.
>
> The default salt size is 8. This default size is not sufficient for a FIPS env,
> and if the salt size is not configured sufficiently through the config file,
> KMS boot up will fail.
>
> *Current Behaviour:*
> Instead of failing the KMS boot up, it increases the salt size by doubling
> it at runtime. The salt size gets updated into the DB. But it is updating the
> default/configured salt size into the DB, not the newly calculated size.
>
> The same thing happens while reading back the encrypted content from the DB:
> if it is 8, it will be doubled and decryption will be performed.
>
> *Expected behaviour:*
>
> It should update the actual calculated salt size that has been used to
> encrypt the content. This will remove the dependency on re-calculating the
> salt size while decrypting and provide clarity.
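The expected behaviour from the issue description, as an added illustration that is not Ranger KMS code: the salt size reached by doubling is stored with the ciphertext, and the reader uses the stored value without repeating the calculation. PBKDF2 and AES-GCM from the JDK stand in for the KMS's actual algorithms; the `Row` record, the blob layout, the iteration count and all names are assumptions made for this example (Java 16+).

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.*;
public class SaltSizeDemo {
    static final int MIN_SALT = 16, IV_LEN = 12; // 16 = the 128-bit minimum stated in the issue
    record Row(int saltSize, byte[] blob) {}     // hypothetical DB row; blob = salt || iv || ciphertext
    static int effectiveSaltSize(int configured) { // double until the minimum is met (8 -> 16)
        int size = Math.max(configured, 1);
        while (size < MIN_SALT) size *= 2;
        return size;
    }
    static Cipher cipher(int mode, char[] pw, byte[] salt, byte[] iv) throws GeneralSecurityException {
        byte[] key = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(new PBEKeySpec(pw, salt, 10_000, 256)).getEncoded();
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
        return c;
    }
    static Row encrypt(char[] pw, byte[] plain, int configuredSaltSize) throws GeneralSecurityException {
        byte[] salt = new byte[effectiveSaltSize(configuredSaltSize)], iv = new byte[IV_LEN];
        SecureRandom rnd = new SecureRandom();
        rnd.nextBytes(salt);
        rnd.nextBytes(iv);
        byte[] ct = cipher(Cipher.ENCRYPT_MODE, pw, salt, iv).doFinal(plain);
        byte[] blob = ByteBuffer.allocate(salt.length + IV_LEN + ct.length).put(salt).put(iv).put(ct).array();
        return new Row(salt.length, blob); // persist the size actually used, not the configured one
    }
    static byte[] decrypt(char[] pw, Row row) throws GeneralSecurityException {
        int s = row.saltSize();            // taken from the row as stored, no re-calculation
        byte[] b = row.blob();
        Cipher c = cipher(Cipher.DECRYPT_MODE, pw, Arrays.copyOfRange(b, 0, s), Arrays.copyOfRange(b, s, s + IV_LEN));
        return c.doFinal(b, s + IV_LEN, b.length - s - IV_LEN);
    }
    public static void main(String[] args) throws Exception {
        char[] pw = "constructed-demo-password".toCharArray(); // constructed sample input
        Row row = encrypt(pw, "constructed key material".getBytes(StandardCharsets.UTF_8), 8);
        System.out.println("stored salt size: " + row.saltSize());
        System.out.println("round trip: " + new String(decrypt(pw, row), StandardCharsets.UTF_8));
        try { // a row that recorded the configured 8 only works if the reader repeats the doubling
            decrypt(pw, new Row(8, row.blob()));
        } catch (GeneralSecurityException e) {
            System.out.println("stored size 8, no re-calculation: " + e.getClass().getSimpleName());
        }
    }
}
```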