[
https://issues.apache.org/jira/browse/KUDU-3316?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17521751#comment-17521751
]
Attila Bukor commented on KUDU-3316:
------------------------------------
Thanks for your comments [~kirbyzhou]
> In my opinion, EEK had better be of variable length.
This actually represents an unencrypted/decrypted key, so all this metadata
will be stripped/handled before the key is stored in an EncryptionHeader.
> The IV of AES-CTR is hard-coded in DoEncryptV,
CTR requires a nonce-encryption key pair to be unique, and each file has a
unique file key, so as long as the nonce doesn't repeat, it is secure. Adding a
randomized IV requires more entropy, with no real benefit in this case.
> Store encrypted encryption keys in encrypted files
> --------------------------------------------------
>
> Key: KUDU-3316
> URL: https://issues.apache.org/jira/browse/KUDU-3316
> Project: Kudu
> Issue Type: Sub-task
> Reporter: Attila Bukor
> Assignee: Attila Bukor
> Priority: Major
>
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
