[ https://issues.apache.org/jira/browse/NIFI-1465?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15378173#comment-15378173 ]
Andy LoPresto commented on NIFI-1465:
-------------------------------------
The tool for upgrade should also allow the decryption and re-encryption using
the same algorithm when the sensitive key value changes (i.e. key rollover) as
documented in the mailing list [1].
[1] https://mail-archives.apache.org/mod_mbox/nifi-users/201607.mbox/%3CSN2PR14MB10889B2BF9E0BEDC1ECC4D7BAB310%40SN2PR14MB1088.namprd14.prod.outlook.com%3E
> Upgrade encryption of sensitive properties
> ------------------------------------------
>
> Key: NIFI-1465
> URL: https://issues.apache.org/jira/browse/NIFI-1465
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
> Affects Versions: 0.5.0
> Reporter: Andy LoPresto
> Assignee: Andy LoPresto
> Labels: encryption, security
> Original Estimate: 120h
> Remaining Estimate: 120h
>
> Currently, NiFi accepts a password and encryption algorithm in
> `nifi.properties` which are used to encrypt all sensitive processor
> properties throughout the application. The password defaults to empty and the
> algorithm defaults to {{PBEWITHMD5AND256BITAES-CBC-OPENSSL}}. This algorithm:
> * uses a digest function ({{MD5}}) which is not cryptographically secure
> [1][2][3][4]
> * uses a single iteration count [5][6]
> * limits password input to 16 characters on JVMs without the unlimited
> strength cryptographic jurisdiction policy files installed [NIFI-1255]
> all of which combine to make it extremely insecure. We should change the
> default algorithm to use a strong key derivation function (KDF) [7] which
> will properly derive a key to protect the sensitive properties.
> Because existing systems have already encrypted the properties using a key
> derived from the original settings, we should provide a translation/upgrade
> utility to seamlessly convert the stored values from the old password &
> algorithm combination to the new.
> [1] http://security.stackexchange.com/a/19908/16485
> [2] http://security.stackexchange.com/a/31846/16485
> [3] http://security.stackexchange.com/questions/52461/how-weak-is-md5-as-a-password-hashing-function
> [4] http://security.stackexchange.com/a/31410/16485
> [5] http://security.stackexchange.com/a/29139/16485
> [6] https://www.openssl.org/docs/manmaster/crypto/EVP_BytesToKey.html
> [7] https://cwiki.apache.org/confluence/display/NIFI/Key+Derivation+Function+Explanations
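
The "MD5, single iteration" derivation criticised in the issue description is the OpenSSL `EVP_BytesToKey` scheme from reference [6], written out below next to an iterated KDF. This is an added example, not NiFi code and not part of the original message; the salt, passwords and iteration count are constructed values, and PBKDF2-HMAC-SHA256 is only one assumed stand-in for "a strong KDF".

```python
import hashlib

def evp_bytes_to_key(password: bytes, salt: bytes, key_len: int = 32,
                     iv_len: int = 16, count: int = 1):
    """EVP_BytesToKey with MD5: D_i = MD5^count(D_{i-1} || password || salt)."""
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        block = hashlib.md5(block + password + salt).digest()
        for _ in range(count - 1):      # extra rounds; none when count == 1
            block = hashlib.md5(block).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]

def digest_calls_per_derivation(key_len: int = 32, iv_len: int = 16,
                                count: int = 1) -> int:
    """MD5 invocations needed to derive key + IV (MD5 yields 16 bytes)."""
    blocks = -(-(key_len + iv_len) // 16)   # ceiling division
    return blocks * count

def pbkdf2_key(password: bytes, salt: bytes, iterations: int,
               key_len: int = 32) -> bytes:
    """Iterated, HMAC-based derivation; cost scales with `iterations`."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, key_len)

if __name__ == "__main__":
    salt = bytes.fromhex("0102030405060708")    # constructed sample salt

    # With the empty default password the first 16 key bytes are just
    # MD5(salt): the key carries no secret input at all.
    key, iv = evp_bytes_to_key(b"", salt)
    print("empty password key:", key.hex())
    print("equals MD5(salt)  :", key[:16] == hashlib.md5(salt).digest())

    # A 256-bit AES key plus a 128-bit IV costs three MD5 calls in total.
    print("MD5 calls, count=1:", digest_calls_per_derivation())

    # Constructed password and iteration count for comparison.
    strong = pbkdf2_key(b"constructed-passphrase", salt, 100_000)
    print("PBKDF2 key        :", strong.hex())
```
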