You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2022/01/25 18:34:00 UTC
[jira] [Commented] (NIFI-8549) Upgrade MiNiFi default sensitive properties algorithm
[ https://issues.apache.org/jira/browse/NIFI-8549?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17482036#comment-17482036 ]
ASF subversion and git services commented on NIFI-8549:
-------------------------------------------------------
Commit a2cfbe4ac70d9d73bd3ab5bbfd702eaebb524c71 in nifi's branch refs/heads/main from David Handermann
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=a2cfbe4 ]
NIFI-8549 Upgraded MiNiFi sensitive properties algorithm
- Replaced PBEWITHMD5AND256BITAES-CBC-OPENSSL with NIFI_PBKDF2_AES_GCM_256
NIFI-8549 Removed unused provider property from MiNiFi Admin Guide
Signed-off-by: Matthew Burgess <ma...@apache.org>
This closes #5687
> Upgrade MiNiFi default sensitive properties algorithm
> -----------------------------------------------------
>
> Key: NIFI-8549
> URL: https://issues.apache.org/jira/browse/NIFI-8549
> Project: Apache NiFi
> Issue Type: Bug
> Components: MiNiFi
> Reporter: Andy LoPresto
> Assignee: David Handermann
> Priority: Major
> Fix For: 1.16.0
>
> Time Spent: 40m
> Remaining Estimate: 0h
>
> {quote}
> * Could we please change the default algorithm for protecting sensitive property values to something stronger than the current selection? I would open a Jira if necessary, but this is one of those things that is really better to do before the first release so users have a backward-compatible config.yml file moving forward. If we change it in a subsequent release, we will need to do significant migration hand-holding. My suggestion would be "PBEWITHSHA256AND256BITAES-CBC-BC” which is significantly stronger, but after trying a few BC options, I continue to get EncryptionExceptions even though I have the JCE unlimited cryptographic strength jurisdiction policy files installed, so this may be a 0.0.2 fix. Is BouncyCastle not enabled by default?
> {quote}
--
This message was sent by Atlassian Jira
(v8.20.1#820001)