You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "David Handermann (Jira)" <ji...@apache.org> on 2022/03/23 20:13:00 UTC
[jira] [Resolved] (NIFI-1476) Enforce TripleDES Keying Option validation on TDES algorithms
[ https://issues.apache.org/jira/browse/NIFI-1476?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Handermann resolved NIFI-1476.
------------------------------------
Resolution: Abandoned
NIST deprecated usage of 3DES in 2017, so further refinement of the valid key lengths does not seem necessary.
> Enforce TripleDES Keying Option validation on TDES algorithms
> -------------------------------------------------------------
>
> Key: NIFI-1476
> URL: https://issues.apache.org/jira/browse/NIFI-1476
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core Framework
> Affects Versions: 0.5.0
> Reporter: Andy LoPresto
> Assignee: Andy LoPresto
> Priority: Minor
> Labels: encryption, security
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> The {{public static List<Integer> getValidKeyLengthsForAlgorithm(String algorithm)}} method in {{CipherUtility}} returns a constant list of {{[56, 64, 112, 128, 168, 192]}} for all {{TRIPLEDES}} algorithms. However, some algorithms, such as {{PBEWITHSHAAND2-KEYTRIPLEDES-CBC}} and {{PBEWITHSHAAND3-KEYTRIPLEDES-CBC}} specify the _keying option_ used in the algorithm, and this indicates a more restrictive key length ({{112/128}} for _Keying Option 2_ and {{168/192}} for _Keying Option 1_ respectively).
> Enforce this validation and add unit tests.
> [https://en.wikipedia.org/wiki/Triple_DES#Keying_options|Wikipedia - TripleDES Keying Options]
--
This message was sent by Atlassian Jira
(v8.20.1#820001)