[
https://issues.apache.org/jira/browse/HBASE-11446?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14049786#comment-14049786
]
Yi Liu commented on HBASE-11446:
--------------------------------
Hi [[email protected]], thank you :). Java SecureRandom is expensive,
it's great to improve the performance.
I see the default mode is AES/CTR/NoPadding, {{Encryption.incrementIv}} only
increase the IV by 1. For CTR mode, algorithm implementation internally
increases IV by 1 every aes-block(16 bytes). That means neighbouring cells
will share same Key and IV(16 bytes shift), if malicious user can construct and
write cell, then I have a bit concern from a security perspective.
> Reduce the frequency of RNG calls in SecureWALCellCodec#EncryptedKvEncoder
> --------------------------------------------------------------------------
>
> Key: HBASE-11446
> URL: https://issues.apache.org/jira/browse/HBASE-11446
> Project: HBase
> Issue Type: Improvement
> Reporter: Andrew Purtell
> Assignee: Andrew Purtell
> Fix For: 0.99.0, 1.0.0, 0.98.4
>
> Attachments: HBASE-11446.patch
>
>
> By reducing the frequency of RNG calls in
> SecureWALCellCodec#EncryptedKvEncoder we can save 37% of on CPU time in that
> method and 3% of total on CPU time during an ingest test. WAL processing is a
> critical latency sensitive area.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
