[
https://issues.apache.org/jira/browse/HBASE-25181?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17229399#comment-17229399
]
Hudson commented on HBASE-25181:
--------------------------------
Results for branch branch-2
[build #99 on
builds.a.o|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2/99/]:
(x) *{color:red}-1 overall{color}*
----
details (if available):
(x) {color:red}-1 general checks{color}
-- For more information [see general
report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2/99/General_20Nightly_20Build_20Report/]
(/) {color:green}+1 jdk8 hadoop2 checks{color}
-- For more information [see jdk8 (hadoop2)
report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2/99/JDK8_20Nightly_20Build_20Report_20_28Hadoop2_29/]
(/) {color:green}+1 jdk8 hadoop3 checks{color}
-- For more information [see jdk8 (hadoop3)
report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2/99/JDK8_20Nightly_20Build_20Report_20_28Hadoop3_29/]
(/) {color:green}+1 jdk11 hadoop3 checks{color}
-- For more information [see jdk11
report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2/99/JDK11_20Nightly_20Build_20Report_20_28Hadoop3_29/]
(/) {color:green}+1 source release artifact{color}
-- See build output for details.
(/) {color:green}+1 client integration test{color}
> Add options for disabling column family encryption and choosing hash
> algorithm for wrapped encryption keys.
> -----------------------------------------------------------------------------------------------------------
>
> Key: HBASE-25181
> URL: https://issues.apache.org/jira/browse/HBASE-25181
> Project: HBase
> Issue Type: Improvement
> Components: encryption
> Affects Versions: 2.3.2
> Reporter: Mate Szalay-Beko
> Assignee: Mate Szalay-Beko
> Priority: Major
> Fix For: 3.0.0-alpha-1, 2.4.0
>
>
> Currently we are using MD5 hash algorithm to store a hash for encryption
> keys. This hash is needed to verify the secret key of the subject. (e.g.
> making sure that the same secret key is used during encrypted HFile / WalFile
> read and write). The MD5 algorithm is considered weak, and can not be used in
> some (e.g. FIPS compliant) clusters. However, currently it is not possible to
> use different hash algorithm, or to disable the whole column family
> encryption globally on the cluster.
> In this patch:
> * I introduce a backward compatible way of specifying the hash algorithm.
> This enable us to use newer and/or more secure hash algorithms like SHA-384
> or SHA-512 (which are FIPS compliant).
> * I added a configuration parameter to globally enable / disable the column
> family encryption feature. (enabled by default for backward compatibility).
> This is handy if someone wants to operate an HBase cluster making sure that
> uses are only relying on other (e.g. HDFS based) encryption mechanisms.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
