You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Velmurugan Periasamy <vp...@hortonworks.com> on 2018/04/02 21:58:00 UTC
Re: Review Request 66357: RANGER-2017 : Ranger KMS encryption good
practices
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66357/#review200319
-----------------------------------------------------------
kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java
Line 200 (original), 322 (patched)
<https://reviews.apache.org/r/66357/#comment281015>
Why is salt generated from password? Change to random values.
- Velmurugan Periasamy
On March 29, 2018, 12:10 p.m., bhavik patel wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66357/
> -----------------------------------------------------------
>
> (Updated March 29, 2018, 12:10 p.m.)
>
>
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-2017
> https://issues.apache.org/jira/browse/RANGER-2017
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Code Improvement To Follow Best Practices.
>
>
> Diffs
> -----
>
> kms/config/kms-webapp/dbks-site.xml 2fc5177
> kms/scripts/DBMK2HSM.sh 89c8c2d
> kms/scripts/HSMMK2DB.sh 2637cf6
> kms/scripts/importJCEKSKeys.sh d72c93e
> kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java 5614c16
>
>
> Diff: https://reviews.apache.org/r/66357/diff/1/
>
>
> Testing
> -------
>
> 1. Verified Ranger Kms is working as expected.
> 2. Import/Export of key's working as expected.
>
>
> Thanks,
>
> bhavik patel
>
>
Re: Review Request 66357: RANGER-2017 : Ranger KMS encryption good
practices
Posted by bhavik patel <bh...@gmail.com>.
> On April 2, 2018, 9:58 p.m., Velmurugan Periasamy wrote:
> > kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java
> > Line 200 (original), 322 (patched)
> > <https://reviews.apache.org/r/66357/diff/1/?file=1990118#file1990118line324>
> >
> > Why is salt generated from password? Change to random values.
We can not use random values because at the time of encryption & decryption of key will require same value of saltGen. If we want, we can also make it configurable properties like other.
- bhavik
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66357/#review200319
-----------------------------------------------------------
On March 29, 2018, 12:10 p.m., bhavik patel wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66357/
> -----------------------------------------------------------
>
> (Updated March 29, 2018, 12:10 p.m.)
>
>
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-2017
> https://issues.apache.org/jira/browse/RANGER-2017
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Code Improvement To Follow Best Practices.
>
>
> Diffs
> -----
>
> kms/config/kms-webapp/dbks-site.xml 2fc5177
> kms/scripts/DBMK2HSM.sh 89c8c2d
> kms/scripts/HSMMK2DB.sh 2637cf6
> kms/scripts/importJCEKSKeys.sh d72c93e
> kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java 5614c16
>
>
> Diff: https://reviews.apache.org/r/66357/diff/1/
>
>
> Testing
> -------
>
> 1. Verified Ranger Kms is working as expected.
> 2. Import/Export of key's working as expected.
>
>
> Thanks,
>
> bhavik patel
>
>
Re: Review Request 66357: RANGER-2017 : Ranger KMS encryption good
practices
Posted by Velmurugan Periasamy <vp...@hortonworks.com>.
> On April 2, 2018, 9:58 p.m., Velmurugan Periasamy wrote:
> > kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java
> > Line 200 (original), 322 (patched)
> > <https://reviews.apache.org/r/66357/diff/1/?file=1990118#file1990118line324>
> >
> > Why is salt generated from password? Change to random values.
>
> bhavik patel wrote:
> We can not use random values because at the time of encryption & decryption of key will require same value of saltGen. If we want, we can also make it configurable properties like other.
Yes, that's what I meant. Make it a configurable option. Thanks.
- Velmurugan
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66357/#review200319
-----------------------------------------------------------
On March 29, 2018, 12:10 p.m., bhavik patel wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66357/
> -----------------------------------------------------------
>
> (Updated March 29, 2018, 12:10 p.m.)
>
>
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-2017
> https://issues.apache.org/jira/browse/RANGER-2017
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Code Improvement To Follow Best Practices.
>
>
> Diffs
> -----
>
> kms/config/kms-webapp/dbks-site.xml 2fc5177
> kms/scripts/DBMK2HSM.sh 89c8c2d
> kms/scripts/HSMMK2DB.sh 2637cf6
> kms/scripts/importJCEKSKeys.sh d72c93e
> kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java 5614c16
>
>
> Diff: https://reviews.apache.org/r/66357/diff/1/
>
>
> Testing
> -------
>
> 1. Verified Ranger Kms is working as expected.
> 2. Import/Export of key's working as expected.
>
>
> Thanks,
>
> bhavik patel
>
>