You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "David Handermann (Jira)" <ji...@apache.org> on 2022/03/17 01:19:00 UTC

[jira] [Resolved] (NIFI-1472) Add KeyedCipherProvider implementations for additional cipher families

     [ https://issues.apache.org/jira/browse/NIFI-1472?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Handermann resolved NIFI-1472.
------------------------------------
    Resolution: Abandoned

In light of current framework usage of {{{}KeyedCipherProvider{}}}, it seems better to consider a different approach for alternative ciphers.  Most of the alternative ciphers, such as 3DES, DES, and RC4, do not provide sufficient security for modern applications.  Supporting such weak cipher algorithms should follow a different implementation pattern to scope usage as narrowly as possible.

> Add KeyedCipherProvider implementations for additional cipher families
> ----------------------------------------------------------------------
>
>                 Key: NIFI-1472
>                 URL: https://issues.apache.org/jira/browse/NIFI-1472
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Core Framework
>    Affects Versions: 0.5.0
>            Reporter: Andy LoPresto
>            Assignee: Andy LoPresto
>            Priority: Minor
>              Labels: encryption, security
>   Original Estimate: 48h
>  Remaining Estimate: 48h
>
> Currently, the only implementation of {{KeyedCipherProvider}} is {{AESKeyedCipherProvider}}. Additional implementations could be provided for {{DES}}, {{DESede}}, {{RC2}}, {{RC4}}, {{RC5}}, {{Blowfish}}, and {{Twofish}}, The relevant {{KeyedCipherProvider}} could then be a complete replacement for {{NifiLegacyCipherProvider}} and {{OpenSSLPKCS5CipherProvider}} underlying symmetric encryption after the key derivation. 



--
This message was sent by Atlassian Jira
(v8.20.1#820001)