[
https://issues.apache.org/jira/browse/HBASE-10065?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13838044#comment-13838044
]
Hudson commented on HBASE-10065:
--------------------------------
SUCCESS: Integrated in HBase-TRUNK #4709 (See
[https://builds.apache.org/job/HBase-TRUNK/4709/])
HBASE-10065. Stronger validation of key unwrapping (apurtell: rev 1547374)
*
/hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/security/EncryptionUtil.java
*
/hbase/trunk/hbase-protocol/src/main/java/org/apache/hadoop/hbase/protobuf/generated/EncryptionProtos.java
* /hbase/trunk/hbase-protocol/src/main/protobuf/Encryption.proto
> Stronger validation of key unwrapping
> -------------------------------------
>
> Key: HBASE-10065
> URL: https://issues.apache.org/jira/browse/HBASE-10065
> Project: HBase
> Issue Type: Improvement
> Reporter: Andrew Purtell
> Assignee: Andrew Purtell
> Priority: Minor
> Fix For: 0.98.0
>
> Attachments: 10065.patch
>
>
> In EncryptionUtil#unwrapKey we use a CRC32 to validate the successful
> unwrapping of a data key. I chose a CRC32 to limit overhead. There is only a
> 1 in 2^32 chance of a random collision, low enough to be extremely unlikely.
> However, I was talking with my colleague Jerry Chen today about this. A
> cryptographic hash would lower the probability to essentially zero and we are
> only wrapping data keys once per HColumnDescriptor and once per HFile, saving
> a few bytes here and there only really. Might as well use the SHA of the data
> key and in addition consider running AES in GCM mode to cover that hash as
> additional authenticated data.
--
This message was sent by Atlassian JIRA
(v6.1#6144)
