[jira] [Updated] (NIFI-7669) Add flow protection key caching mechanism for derived keys
[ https://issues.apache.org/jira/browse/NIFI-7669?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pierre Villard updated NIFI-7669: - Fix Version/s: 1.12.0 Resolution: Fixed Status: Resolved (was: Patch Available) > Add flow protection key caching mechanism for derived keys > -- > > Key: NIFI-7669 > URL: https://issues.apache.org/jira/browse/NIFI-7669 > Project: Apache NiFi > Issue Type: Improvement > Components: Configuration, Core Framework >Reporter: Andy LoPresto >Assignee: Andy LoPresto >Priority: Major > Labels: caching, encryption, kdf, performance, security > Fix For: 1.12.0 > > Time Spent: 10m > Remaining Estimate: 0h > > The specific algorithm introduced in NIFI-7638 introduces a ~1 sec delay in > every encryption operation (which occurs during every flow synchronization > and serialization to disk) due to the Argon2 KDF process. This is an > acceptable tradeoff for security-conscious users at this time, but can be > improved through a key caching mechanism in memory. Deriving the key once at > application startup and using it directly will remove this delay, and the key > cannot change without an application restart. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (NIFI-7669) Add flow protection key caching mechanism for derived keys
[ https://issues.apache.org/jira/browse/NIFI-7669?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andy LoPresto updated NIFI-7669: Status: Patch Available (was: Open) > Add flow protection key caching mechanism for derived keys > -- > > Key: NIFI-7669 > URL: https://issues.apache.org/jira/browse/NIFI-7669 > Project: Apache NiFi > Issue Type: Improvement > Components: Configuration, Core Framework >Affects Versions: 1.12.0 >Reporter: Andy LoPresto >Assignee: Andy LoPresto >Priority: Major > Labels: caching, encryption, kdf, performance, security > > The specific algorithm introduced in NIFI-7638 introduces a ~1 sec delay in > every encryption operation (which occurs during every flow synchronization > and serialization to disk) due to the Argon2 KDF process. This is an > acceptable tradeoff for security-conscious users at this time, but can be > improved through a key caching mechanism in memory. Deriving the key once at > application startup and using it directly will remove this delay, and the key > cannot change without an application restart. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (NIFI-7669) Add flow protection key caching mechanism for derived keys
[ https://issues.apache.org/jira/browse/NIFI-7669?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andy LoPresto updated NIFI-7669: Affects Version/s: (was: 1.12.0) > Add flow protection key caching mechanism for derived keys > -- > > Key: NIFI-7669 > URL: https://issues.apache.org/jira/browse/NIFI-7669 > Project: Apache NiFi > Issue Type: Improvement > Components: Configuration, Core Framework >Reporter: Andy LoPresto >Assignee: Andy LoPresto >Priority: Major > Labels: caching, encryption, kdf, performance, security > > The specific algorithm introduced in NIFI-7638 introduces a ~1 sec delay in > every encryption operation (which occurs during every flow synchronization > and serialization to disk) due to the Argon2 KDF process. This is an > acceptable tradeoff for security-conscious users at this time, but can be > improved through a key caching mechanism in memory. Deriving the key once at > application startup and using it directly will remove this delay, and the key > cannot change without an application restart. -- This message was sent by Atlassian Jira (v8.3.4#803005)
