You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-issues@hadoop.apache.org by GitBox <gi...@apache.org> on 2019/08/29 20:54:36 UTC

[GitHub] [hadoop] dineshchitlangia commented on a change in pull request #1362: HDDS-2014. Create Symmetric Key for GDPR

dineshchitlangia commented on a change in pull request #1362: HDDS-2014. Create Symmetric Key for GDPR
URL: https://github.com/apache/hadoop/pull/1362#discussion_r319267418
 
 

 ##########
 File path: hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/OzoneConsts.java
 ##########
 @@ -312,4 +312,13 @@ private OzoneConsts() {
   public static final int S3_BUCKET_MIN_LENGTH = 3;
   public static final int S3_BUCKET_MAX_LENGTH = 64;
 
+  //GDPR
+  public static final String GDPR_ALGORITHM_NAME = "AES";
+  public static final int GDPR_RANDOM_SECRET_LENGTH = 32;
 
 Review comment:
   1. Why 32 bytes long?
   Random Secret Length is 32 characters. I think you thought of it as the size of the key.
   Given, 1 char = 8 bit, 32 chars make up 256 bits.
   
   2. Why AES?
   Short answer: AES is trusted within the US NSA for sharing top secret/security information which means this algorithm is vetted for highest security clearance!
   
   Long Answer: Breaking a symmetric 256-bit key by brute force requires 2^128 times more computational power than a 128-bit key. 
   Fifty supercomputers that could check a billion billion (10^18) AES keys per second (if such a device exists) would, in theory, require about 3×(10^51) years to exhaust the 256-bit key space. That said, every cryptography algorithm gets broken eventually, AES seems good for the foreseeable future :)
   
   Aside from this, I will still file a Jira to make the length/algorithm configurable at cluster level.
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org