[
https://issues.apache.org/jira/browse/HBASE-11446?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14048530#comment-14048530
]
Andrew Purtell edited comment on HBASE-11446 at 7/1/14 5:24 AM:
----------------------------------------------------------------
bq. So the random IV is made once (in the life time of a the RS) and then
onwards the IVs are predictable.
IVs are not secret. In fact they are recorded with the data. It is important
that no data + key + IV combination repeat. Both the per WAL secret key and the
initial IV for each thread local are initialized with a value drawn from a
secure random number generator. This is a reasonable scheme.
was (Author: apurtell):
bq. So the random IV is made once (in the life time of a the RS) and then
onwards the IVs are predictable.
That's not how IVs work. IVs are not secret. In fact they are recorded with the
data. It is important that no data + key + IV combination repeat. Both the per
WAL secret key and the initial IV for each thread local are initialized with a
value drawn from a secure random number generator. This is a reasonable scheme.
> Reduce the frequency of RNG calls in SecureWALCellCodec#EncryptedKvEncoder
> --------------------------------------------------------------------------
>
> Key: HBASE-11446
> URL: https://issues.apache.org/jira/browse/HBASE-11446
> Project: HBase
> Issue Type: Improvement
> Reporter: Andrew Purtell
> Assignee: Andrew Purtell
> Fix For: 0.99.0, 0.98.4
>
> Attachments: HBASE-11446.patch
>
>
> By reducing the frequency of RNG calls in
> SecureWALCellCodec#EncryptedKvEncoder we can save 37% of on CPU time in that
> method and 3% of total on CPU time during an ingest test. WAL processing is a
> critical latency sensitive area.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
