[
https://issues.apache.org/jira/browse/KUDU-3316?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17569900#comment-17569900
]
Attila Bukor commented on KUDU-3316:
------------------------------------
The server keys have a random IV, as returned by the KMS (Ranger KMS works the
same way). Encrypting and decrypting the file keys, on the other hand, take
place within Kudu, so the IV can be be controlled more closely.
{quote}My concern is non-randomized IV is easier to be exploited by plaintext
attack{quote}
Can you elaborate on this? IV+key is not reused, as each file has a separate
key.
> Store encrypted encryption keys in encrypted files
> --------------------------------------------------
>
> Key: KUDU-3316
> URL: https://issues.apache.org/jira/browse/KUDU-3316
> Project: Kudu
> Issue Type: Sub-task
> Reporter: Attila Bukor
> Assignee: Attila Bukor
> Priority: Major
> Fix For: 1.17.0
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
