[ https://issues.apache.org/jira/browse/HBASE-14089?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andrew Purtell updated HBASE-14089:
-----------------------------------
    Description: I had a look at instances where we use SecureRandom, which 
could block if insufficient entropy, in the 0.98 and master branch code. 
(Random in contrast is a PRNG seeded by System#nanoTime, it doesn't draw from 
system entropy.) Most uses are in encryption related code, our native 
encryption and SSL, but we do also use SecureRandom for salting znode metadata 
in RecoverableZooKeeper#appendMetadata, which is called whenever we do setData. 
Conceivably we could block unexpectedly when constructing data to write out to 
a znode if entropy gets too low until more is available.   (was: I had a look 
at instances where we use SecureRandom, which could block if insufficient 
entropy, in the 0.98 and master branch code. (Random in contrast is a PRNG 
seeded by System#nanoTime, it doesn't draw from system entropy.) Most uses are 
in encryption related code, our native encryption and SSL, but we do also use 
SecureRandom for salting znode metadata in RecoverableZooKeeper#appendMetadata, 
which is called whenever we do setData. Conceivably we could block unexpectedly 
when constructing data to write out to a znode if entropy gets too low until 
more is available. Those salt values are never used and so appear to serve no 
purpose. We should remove the use of SecureRandom here and just pad with zeros 
for backwards compatibility.)

> Remove unused draw of system entropy from RecoverableZooKeeper
> --------------------------------------------------------------
>
>                 Key: HBASE-14089
>                 URL: https://issues.apache.org/jira/browse/HBASE-14089
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Andrew Purtell
>            Assignee: Andrew Purtell
>            Priority: Minor
>             Fix For: 2.0.0, 0.98.14, 1.2.0, 1.1.2, 1.3.0, 1.0.3
>
>
> I had a look at instances where we use SecureRandom, which could block if 
> insufficient entropy, in the 0.98 and master branch code. (Random in contrast 
> is a PRNG seeded by System#nanoTime, it doesn't draw from system entropy.) 
> Most uses are in encryption related code, our native encryption and SSL, but 
> we do also use SecureRandom for salting znode metadata in 
> RecoverableZooKeeper#appendMetadata, which is called whenever we do setData. 
> Conceivably we could block unexpectedly when constructing data to write out 
> to a znode if entropy gets too low until more is available. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
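
The change the issue title and the earlier description text propose (drop the SecureRandom draw, keep a zero-filled field of the same width) can be sketched as below. This is an added example, not HBase code: the header layout, the constants and every method name here are hypothetical, chosen only to show why a reader that skips the salt by length decodes old and new records identically.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

// Hypothetical layout (an assumption, not the project's format):
// [magic:1][idLen+saltLen:4][id][salt:8][payload]
public class ZnodeMetadataSketch {
    static final byte MAGIC = (byte) 0xFF;  // constructed value
    static final int SALT_LEN = 8;          // width of the never-read salt field
    static final SecureRandom SALTER = new SecureRandom();

    // Before: each write draws from SecureRandom, which the issue notes
    // could block if system entropy is insufficient.
    static byte[] appendSalted(byte[] id, byte[] data) {
        byte[] salt = new byte[SALT_LEN];
        SALTER.nextBytes(salt);
        return build(id, salt, data);
    }

    // After: same field width, zero-filled, no entropy draw on the write path.
    static byte[] appendZeroPadded(byte[] id, byte[] data) {
        return build(id, new byte[SALT_LEN], data);
    }

    static byte[] build(byte[] id, byte[] salt, byte[] data) {
        return ByteBuffer.allocate(1 + 4 + id.length + salt.length + data.length)
            .put(MAGIC).putInt(id.length + salt.length)
            .put(id).put(salt).put(data).array();
    }

    // The reader skips id+salt by length and never inspects the salt bytes,
    // so salted and zero-padded records yield the same payload.
    static byte[] stripMetadata(byte[] raw) {
        if (raw.length < 5 || raw[0] != MAGIC) return raw;  // no header present
        int skip = ByteBuffer.wrap(raw, 1, 4).getInt();
        if (skip < 0 || skip > raw.length - 5)
            throw new IllegalArgumentException("bad header length");
        return Arrays.copyOfRange(raw, 5 + skip, raw.length);
    }

    public static void main(String[] args) {
        byte[] id = "rs-1".getBytes(StandardCharsets.UTF_8);       // constructed sample
        byte[] data = "payload".getBytes(StandardCharsets.UTF_8);  // constructed sample
        byte[] oldRec = appendSalted(id, data);
        byte[] newRec = appendZeroPadded(id, data);
        System.out.println("same length: " + (oldRec.length == newRec.length));
        System.out.println("same payload: "
            + Arrays.equals(stripMetadata(oldRec), stripMetadata(newRec)));
    }
}
```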
