Andrew Purtell created HBASE-12188:
--------------------------------------
Summary: Use AES-GCM as the preferred mode when encrypting HFiles
Key: HBASE-12188
URL: https://issues.apache.org/jira/browse/HBASE-12188
Project: HBase
Issue Type: Improvement
Reporter: Andrew Purtell
Priority: Minor
Fix For: 2.0.0
Currently for encrypting HFiles we use AES in CTR mode. This protects data
against plaintext recovery but does not offer data integrity verification. We
must continue to rely on HDFS integrity protection mechanisms, or internal
HFile checksums, which could be subverted. An attacker might be able to
maliciously introduce corruption that would not be detected during decryption.
GCM mode operates as a stream cipher like CTR mode while incrementally
calculating a message authentication code (MAC) concurrent with encryption, in
a way that affords efficient high performance parallel implementation. The
process of decryption also verifies the integrity of the data in a
cryptographically strong manner. Any tampering or corruption will result in a
reported decryption failure. This provides a marginal improvement in security
because tampering or corruption will be found at the HFile level and so the
invalid data will not have a chance to be passed up into higher layers.
We needed to use AES-CTR when initially developing HFile encryption because
just about everyone was still using Java 6 in production. This has changed. We
have dropped support for Java 6 as of branch-1. Conceivably we could introduce
use of the new Java 7+ APIs for working with AEAD modes like GCM. Once doing
so, the code will no longer compile if using the JDK 6.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
