Ying Zhang created SOLR-15140:
---------------------------------
Summary: Avoid insufficient key size when creating keyPair
Key: SOLR-15140
URL: https://issues.apache.org/jira/browse/SOLR-15140
Project: Solr
Issue Type: Improvement
Security Level: Public (Default Security Level. Issues are Public)
Reporter: Ying Zhang
In file:
apache/lucene-solr/blob/branch_6_6/solr/core/src/java/org/apache/solr/util/CryptoKeys.java,
line 300, keyGen initializes the keyPair with size 1024 (defined on line 291).
*Security Impact*:
Insufficient key size may cause weak encryption for sensitive information, and
leakage of the information.
_Useful link:_
https://www.appmarq.com/public/tqi,1039028,CWE-327-Avoid-weak-encryption-providing-not-sufficient-key-size-JEE
*Solution we suggest:*
We suggest using 2048 as keyPair size when encrypting with RSA.
*Please share with us your opinions/comments if there are any*
Is the bug report helpful?
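The key-size concern raised in the report, as an added Java example that is not taken from CryptoKeys.java or from the Solr project: it generates RSA keys with the suggested 2048-bit size and also rejects an existing key whose modulus is shorter. The class name, method names and the `MIN_RSA_BITS` constant are hypothetical.

```java
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
// Added illustration; class and method names are hypothetical, not Solr's.
public class RsaKeySizeCheck {
    // Assumed policy floor, taken from the 2048-bit suggestion in the report.
    static final int MIN_RSA_BITS = 2048;

    // Generates an RSA key pair, refusing sizes below the floor.
    static KeyPair generate(int bits) throws GeneralSecurityException {
        if (bits < MIN_RSA_BITS) {
            throw new IllegalArgumentException("RSA key size " + bits + " < " + MIN_RSA_BITS);
        }
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(bits);
        return gen.generateKeyPair();
    }

    // Effective RSA key size is the bit length of the modulus.
    static int rsaBits(PublicKey key) {
        if (!(key instanceof RSAPublicKey)) {
            throw new IllegalArgumentException("not an RSA key: " + key.getAlgorithm());
        }
        return ((RSAPublicKey) key).getModulus().bitLength();
    }

    // Rejects any RSA public key below the floor, e.g. one loaded from storage.
    static void requireStrong(PublicKey key) {
        int bits = rsaBits(key);
        if (bits < MIN_RSA_BITS) {
            throw new IllegalStateException("RSA key is only " + bits + " bits");
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample: a 1024-bit pair standing in for a legacy key.
        KeyPairGenerator legacy = KeyPairGenerator.getInstance("RSA");
        legacy.initialize(1024);
        PublicKey old = legacy.generateKeyPair().getPublic();
        try {
            requireStrong(old);
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        requireStrong(generate(2048).getPublic());
        System.out.println("2048-bit key accepted");
    }
}
```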