Posted to issues@hbase.apache.org by "Andrew Purtell (JIRA)" <ji...@apache.org> on 2015/04/20 19:32:00 UTC

[jira] [Commented] (HBASE-13511) Derive data keys with HKDF

    [ https://issues.apache.org/jira/browse/HBASE-13511?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14503260#comment-14503260 ] 

Andrew Purtell commented on HBASE-13511:
----------------------------------------

We can just drop this in place with full backwards compatibility. Encrypted data keys are stored with the HFiles and used directly after unwrapping. Changing data keys doesn't affect old files; it only applies to new writes.

Recall that data keys are encrypted with the master key and stored in the file trailer, and the rest of the file is encrypted with the data key. We can have a good master key protecting data keys, but weak (user-supplied) data keys leaving HFile data vulnerable to cryptanalysis. We shouldn't trust user-supplied data keys to be good.

> Derive data keys with HKDF
> --------------------------
>
>                 Key: HBASE-13511
>                 URL: https://issues.apache.org/jira/browse/HBASE-13511
>             Project: HBase
>          Issue Type: Sub-task
>          Components: encryption, security
>            Reporter: Andrew Purtell
>            Assignee: Andrew Purtell
>            Priority: Minor
>             Fix For: 2.0.0, 1.1.0, 0.98.13, 1.0.2
>
>
> When we are locally managing master key material, when users have supplied their own data key material, derive the actual data keys using HKDF (https://tools.ietf.org/html/rfc5869).
> DK' = HKDF(S, DK, MK)
> where
> S = salt
> DK = user-supplied data key
> MK = master key
> DK' = derived data key for the HFile
> User-supplied key material may be weak or an attacker may have some partial knowledge of it.
> Where we generate random data keys we can still use HKDF as a way to mix more entropy into the secure random generator. 
> DK' = HKDF(R, MK)
> where
> R = random key material drawn from the system's secure random generator
> MK = master key
> (Salting isn't useful here because salt S and R would be drawn from the same pool, so will not have statistical independence.)


