[jira] [Commented] (HADOOP-10734) Implementation of true secure random with high performance using hardware random number generator.

Colin Patrick McCabe (JIRA) Wed, 02 Jul 2014 12:21:02 -0700

    [ 
https://issues.apache.org/jira/browse/HADOOP-10734?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14050588#comment-14050588
 ]


Colin Patrick McCabe commented on HADOOP-10734:
-----------------------------------------------

I guess one advantage of the proposed scheme here is that it works on Windows 
and BSD, where {{/dev/urandom}} doesn't exist (although there may be other 
platform-specific mechanisms).

It seems easy to read a few kilobytes from {{/dev/urandom}} at a time, so that 
you don't find yourself doing lots of small read operations.  I actually have 
the same problem with the scheme here: JNI calls are expensive... do we know 
how many random bits the API user is getting at a time?  If that number is 
small, we might want to implement batching.  I also think we should consider 
using ByteBuffer rather than byte[] array, if performance is the primary goal.

{code}
+static unsigned long pthreads_thread_id(void)
+{
+  return (unsigned long)pthread_self();
+}
{code}

This is not correct.  The type of {{pthread_t}} is not known.  If you want a 
numeric thread ID, you could try {{gettid}} on Linux.

{code}
+  public long nextLong() {
+    return ((long)(next(32)) << 32) + next(32);
+  }
{code}

Why use addition rather than bitwise OR here?

{code}
+  final protected int next(int numBits) {
{code}
Should be private

> Implementation of true secure random with high performance using hardware 
> random number generator.
> --------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-10734
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10734
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: security
>    Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134)
>            Reporter: Yi Liu
>            Assignee: Yi Liu
>             Fix For: fs-encryption (HADOOP-10150 and HDFS-6134)
>
>         Attachments: HADOOP-10734.patch
>
>
> This JIRA is to implement Secure random using JNI to OpenSSL, and 
> implementation should be thread-safe.
> Utilize RdRand to return random numbers from hardware random number 
> generator. It's TRNG(True Random Number generators) having much higher 
> performance than {{java.security.SecureRandom}}. 
> https://wiki.openssl.org/index.php/Random_Numbers
> http://en.wikipedia.org/wiki/RdRand
> https://software.intel.com/en-us/articles/performance-impact-of-intel-secure-key-on-openssl



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Commented] (HADOOP-10734) Implementation of true secure random with high performance using hardware random number generator.

Reply via email to