You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Xiao Chen (JIRA)" <ji...@apache.org> on 2017/08/18 17:17:00 UTC
[jira] [Commented] (HADOOP-14780) Investigate and move shared
resources to member variables on DefaultCryptoExtension
[ https://issues.apache.org/jira/browse/HADOOP-14780?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16133303#comment-16133303 ]
Xiao Chen commented on HADOOP-14780:
------------------------------------
Also [~jojochuang]'s [comment from HADOOP-14705|https://issues.apache.org/jira/browse/HADOOP-14705?focusedCommentId=16131776&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-16131776]
{quote}
On another jira, Rushabh S Shah mentioned a possibility to reuse CryptoCodec (making it a member variable of DefaultCryptoExtension). Is there any security concerns? If it is reused, and if CryptoCodec uses SecureRandom, the random numbers generated in DefaultCryptoExtension#generateEncryptedKey may become predictable. I don't come with a security background, but I am thinking it could be exploitable.
{quote}
> Investigate and move shared resources to member variables on DefaultCryptoExtension
> -----------------------------------------------------------------------------------
>
> Key: HADOOP-14780
> URL: https://issues.apache.org/jira/browse/HADOOP-14780
> Project: Hadoop Common
> Issue Type: Improvement
> Components: kms
> Affects Versions: 2.6.0
> Reporter: Xiao Chen
> Assignee: Xiao Chen
>
> See [comments|https://issues.apache.org/jira/browse/HADOOP-14779?focusedCommentId=16129260&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-16129260] on HADOOP-14779.
> It would be optimal to use a member var for CryptoCodec, and potentially Encryptor / Decryptor.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org