Posted to issues@kylin.apache.org by "Xiaoxiang Yu (Jira)" <ji...@apache.org> on 2021/03/24 01:47:00 UTC

[jira] [Updated] (KYLIN-4902) Avoid using weak cryptographic algorithm

     [ https://issues.apache.org/jira/browse/KYLIN-4902?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Xiaoxiang Yu updated KYLIN-4902:
--------------------------------
    Fix Version/s:     (was: v3.1.2)

> Avoid using weak cryptographic algorithm 
> -----------------------------------------
>
>                 Key: KYLIN-4902
>                 URL: https://issues.apache.org/jira/browse/KYLIN-4902
>             Project: Kylin
>          Issue Type: Improvement
>            Reporter: Vicky Zhang
>            Assignee: Yaqian Zhang
>            Priority: Major
>
> In file kylin/blob/master/core-common/src/main/java/org/apache/kylin/common/util/EncryptUtil.java, AES/ECB/PKCS5PADDING is used for encrypting and decrypting information (lines 36 and 49).
> *Security impact*:
> ECB is a deprecated encryption mode used with AES; it may cause inefficient encryption. Here is the comparison example that encrypts a picture with ECB mode and CBC mode: [https://datalocker.com/what-is-the-difference-between-ecb-mode-versus-cbc-mode-aes-encryption/]
> Some links here: [https://cwe.mitre.org/data/definitions/327.html]
> Suggestions: we recommend you use AES/CBC/PKCS5Padding, but CBC mode would require an IV in the encryption process for security concerns.
> *Please share with us your opinions/comments if there is any:*
> Is the bug report helpful? 
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
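
The difference between the two modes named in the report, as an added example (not code from Kylin's EncryptUtil.java or from the reporter): ECB maps equal plaintext blocks to equal ciphertext blocks, while CBC with a fresh random IV stored in front of the ciphertext does not. The class name, helper names, key and sample plaintext are constructed for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.security.SecureRandom;
import java.util.Arrays;

public class EcbVsCbcDemo {
    private static final int BLOCK = 16; // AES block size in bytes
    // The mode named in the report: no IV, every block encrypted independently.
    static byte[] encryptEcb(SecretKeySpec key, byte[] plain) throws Exception {
        Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key);
        return c.doFinal(plain);
    }

    // The suggested mode: a fresh random IV per message, prepended to the ciphertext.
    static byte[] encryptCbc(SecretKeySpec key, byte[] plain) throws Exception {
        byte[] iv = new byte[BLOCK];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plain);
        return ByteBuffer.allocate(BLOCK + ct.length).put(iv).put(ct).array();
    }

    static byte[] decryptCbc(SecretKeySpec key, byte[] ivAndCt) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(ivAndCt, 0, BLOCK));
        return c.doFinal(ivAndCt, BLOCK, ivAndCt.length - BLOCK);
    }
    // True when 16-byte blocks i and j (0-based) of ct are byte-for-byte identical.
    static boolean sameBlock(byte[] ct, int i, int j) {
        return Arrays.equals(Arrays.copyOfRange(ct, i * BLOCK, (i + 1) * BLOCK),
                             Arrays.copyOfRange(ct, j * BLOCK, (j + 1) * BLOCK));
    }

    public static void main(String[] args) throws Exception {
        byte[] keyBytes = new byte[BLOCK]; // constructed demo key, random on every run
        new SecureRandom().nextBytes(keyBytes);
        SecretKeySpec key = new SecretKeySpec(keyBytes, "AES");
        // Constructed plaintext: two identical 16-byte blocks.
        byte[] plain = "0123456789abcdef0123456789abcdef".getBytes("US-ASCII");
        byte[] ecb = encryptEcb(key, plain);
        byte[] cbc = encryptCbc(key, plain); // block 0 of this output is the IV
        System.out.println("ECB blocks 0 and 1 equal: " + sameBlock(ecb, 0, 1));
        System.out.println("CBC blocks 1 and 2 equal: " + sameBlock(cbc, 1, 2));
        System.out.println("CBC round trip ok: " + Arrays.equals(plain, decryptCbc(key, cbc)));
    }
}
```

CBC with PKCS5 padding provides confidentiality only; where stored or transmitted ciphertext can be modified, an authenticated mode such as AES/GCM/NoPadding is the usual choice.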