[
https://issues.apache.org/jira/browse/SPARK-38422?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sean R. Owen resolved SPARK-38422.
----------------------------------
Resolution: Not A Problem
> Encryption algorithms should be used with secure mode and padding scheme
> ------------------------------------------------------------------------
>
> Key: SPARK-38422
> URL: https://issues.apache.org/jira/browse/SPARK-38422
> Project: Spark
> Issue Type: Bug
> Components: SQL
> Affects Versions: 3.3.0
> Reporter: Bjørn Jørgensen
> Priority: Major
>
> I have scanned java files with Sonarqube and in
> https://github.com/apache/spark/blob/master/sql/catalyst/src/main/java/org/apache/spark/sql/catalyst/expressions/ExpressionImplUtils.java
> {code:java}
> try {
> if (mode.equalsIgnoreCase("ECB") &&
> (padding.equalsIgnoreCase("PKCS") ||
> padding.equalsIgnoreCase("DEFAULT"))) {
> Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
> {code}
> Encryption operation mode and the padding scheme should be chosen
> appropriately to guarantee data confidentiality, integrity and authenticity:
> For block cipher encryption algorithms (like AES):
> The GCM (Galois Counter Mode) mode which works internally with zero/no
> padding scheme, is recommended, as it is designed to provide both data
> authenticity (integrity) and confidentiality. Other similar modes are CCM,
> CWC, EAX, IAPM and OCB.
> The CBC (Cipher Block Chaining) mode by itself provides only data
> confidentiality, it’s recommended to use it along with Message Authentication
> Code or similar to achieve data authenticity (integrity) too and thus to
> prevent padding oracle attacks.
> The ECB (Electronic Codebook) mode doesn’t provide serious message
> confidentiality: under a given key any given plaintext block always gets
> encrypted to the same ciphertext block. This mode should not be used.
> For RSA encryption algorithm, the recommended padding scheme is OAEP.
> [OWASP Top 10 2021|https://owasp.org/Top10/A02_2021-Cryptographic_Failures/]
> Category A2 - Cryptographic Failures
> [OWASP Top 10
> 2017|https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html]
> Category A6 - Security Misconfiguration
> [Mobile
> AppSec|https://mobile-security.gitbook.io/masvs/security-requirements/0x08-v3-cryptography_verification_requirements]
> Verification Standard - Cryptography Requirements
> [OWASP Mobile Top 10
> 2016|https://owasp.org/www-project-mobile-top-10/2016-risks/m5-insufficient-cryptography]
> Category M5 - Insufficient Cryptography
> [MITRE, CWE-327|https://cwe.mitre.org/data/definitions/327.html] - Use of a
> Broken or Risky Cryptographic Algorithm
> [CERT,
> MSC61-J.|https://wiki.sei.cmu.edu/confluence/display/java/MSC61-J.+Do+not+use+insecure+or+weak+cryptographic+algorithms]
> - Do not use insecure or weak cryptographic algorithms
> [SANS Top 25|https://www.sans.org/top25-software-errors/#cat3] - Porous
> Defenses
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org
