[jira] [Commented] (HBASE-16414) Improve performance for RPC encryption with Apache Common Crypto

Wed, 19 Oct 2016 22:59:09 -0700 

    [ 
https://issues.apache.org/jira/browse/HBASE-16414?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15590907#comment-15590907
 ] 

ramkrishna.s.vasudevan commented on HBASE-16414:
------------------------------------------------

ACtually the back ground is that we have already doing  this work of creating 
DBB here. 
The only aspect is that in case of SASL we needed onheap byte[] only. So in 
that case we were creating onheap BB. 
So the point was if we pass DBB to the new Cryto code can your new AES wrap 
directly work on it? You can raise an IA to do that.
{code}
plaintextData = cryptoAES.unwrap(b, saslToken.position(), saslToken.limit());
{code}


> Improve performance for RPC encryption with Apache Common Crypto
> ----------------------------------------------------------------
>
>                 Key: HBASE-16414
>                 URL: https://issues.apache.org/jira/browse/HBASE-16414
>             Project: HBase
>          Issue Type: Improvement
>          Components: IPC/RPC
>    Affects Versions: 2.0.0
>            Reporter: Colin Ma
>            Assignee: Colin Ma
>         Attachments: HBASE-16414.001.patch, HBASE-16414.002.patch, 
> HBASE-16414.003.patch, HBASE-16414.004.patch, HBASE-16414.005.patch, 
> HBASE-16414.006.patch, HBASE-16414.007.patch, HBASE-16414.008.patch, 
> HBASE-16414.009.patch, HbaseRpcEncryptionWithCrypoto.docx
>
>
> Hbase RPC encryption is enabled by setting “hbase.rpc.protection” to 
> "privacy". With the token authentication, it utilized DIGEST-MD5 mechanisms 
> for secure authentication and data protection. For DIGEST-MD5, it uses DES, 
> 3DES or RC4 to do encryption and it is very slow, especially for Scan. This 
> will become the bottleneck of the RPC throughput.
> Apache Commons Crypto is a cryptographic library optimized with AES-NI. It 
> provides Java API for both cipher level and Java stream level. Developers can 
> use it to implement high performance AES encryption/decryption with the 
> minimum code and effort. Compare with the current implementation of 
> org.apache.hadoop.hbase.io.crypto.aes.AES, Crypto supports both JCE Cipher 
> and OpenSSL Cipher which is better performance than JCE Cipher. User can 
> configure the cipher type and the default is JCE Cipher.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to