You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@activemq.apache.org by "Justin Bertram (Jira)" <ji...@apache.org> on 2021/02/06 02:52:00 UTC
[jira] [Commented] (ARTEMIS-3103) Replace blowfish with a more
secure encryption algorithm
[ https://issues.apache.org/jira/browse/ARTEMIS-3103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17280056#comment-17280056 ]
Justin Bertram commented on ARTEMIS-3103:
-----------------------------------------
There's a few things to note here:
# {{org.apache.activemq.artemis.utils.DefaultSensitiveStringCodec}} is just the _default_ codec. If any user wants a different implementation [the documentation|http://activemq.apache.org/components/artemis/documentation/latest/masking-passwords.html#choosing-a-codec-for-password-masking] outlines how to integrate it. Nobody is forced to use the default codec.
# Blowfish is used for "masking." This masking is a kind of a pseudo-encryption where the same program must both encode _and_ decode the data. Therefore, any user who has access to the broker's files to read the masked data will have access to the codec implementation class as well. This will allow them to fairly easily unmask data _regardless_ of the algorithm used. Furthermore, any user who has access to the memory of the broker's JVM will be able to find the decoded value(s) there as well _regardless_ of the algorithm.
# Blowfish's weaknesses were known when the default codec was implemented, but due to the fundamental nature of the way it is used those weaknesses don't ultimately matter. Using a "better" algorithm won't actually increase security.
Similar to ARTEMIS-3070, this bug report is not helpful because it doesn't take into account the larger context of how and why the Blowfish algorithm is used. It seems to me that both this issue and ARTEMIS-3070 were generated based on static code analysis. Please conduct a more thorough analysis before creating any similar Jiras. Thanks!
> Replace blowfish with a more secure encryption algorithm
> ---------------------------------------------------------
>
> Key: ARTEMIS-3103
> URL: https://issues.apache.org/jira/browse/ARTEMIS-3103
> Project: ActiveMQ Artemis
> Issue Type: Improvement
> Components: API
> Reporter: Ying Zhang
> Priority: Major
>
> The class {{org.apache.activemq.artemis.utils.DefaultSensitiveStringCodec}} uses blowfish encrypting sensitive information.
> *Security Impact*:
> Blowfish's use of 64-bit block size (as opposed to e.g. AES's 128-bit block size) makes it vulnerable to [birthday attacks|https://en.wikipedia.org/wiki/Birthday_attack], particularly in contexts like [HTTPS|https://en.wikipedia.org/wiki/HTTPS]. In 2016, the SWEET32 attack demonstrated how to leverage birthday attacks to perform plaintext recovery (i.e. decrypting ciphertext) against ciphers with 64-bit block size.
> *Useful Resources*:
> https://cwe.mitre.org/data/definitions/319.html
> *Please share with us your opinions/comments if there is any:*
> Is the bug report helpful?
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)