[
https://issues.apache.org/jira/browse/HADOOP-10734?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14057750#comment-14057750
]
Mike Yoder commented on HADOOP-10734:
-------------------------------------
Another consideration in the US is meeting the FIPS specification regarding
random number generation. The latest guidance for FIPS requires the use of
NIST SP 800-90
(http://csrc.nist.gov/publications/nistpubs/800-90A/SP800-90A.pdf) for random
number generation. We can get this "for free" using OpenSSL, if OpenSSL is
recent and compiled in FIPS mode. So we should at least have a switch that
enables the use of OpenSSL's PRNG (I confess I haven't looked at the
patches...). I'm not sure if there is a Java implementation of SP 800-90 or
not...
> Implementation of true secure random with high performance using hardware
> random number generator.
> --------------------------------------------------------------------------------------------------
>
> Key: HADOOP-10734
> URL: https://issues.apache.org/jira/browse/HADOOP-10734
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: security
> Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134)
> Reporter: Yi Liu
> Assignee: Yi Liu
> Fix For: fs-encryption (HADOOP-10150 and HDFS-6134)
>
> Attachments: HADOOP-10734-fs-enc.004.patch, HADOOP-10734.1.patch,
> HADOOP-10734.2.patch, HADOOP-10734.3.patch, HADOOP-10734.4.patch,
> HADOOP-10734.patch
>
>
> This JIRA is to implement Secure random using JNI to OpenSSL, and
> implementation should be thread-safe.
> Utilize RdRand to return random numbers from hardware random number
> generator. It's a TRNG (True Random Number Generator) having much higher
> performance than {{java.security.SecureRandom}}.
> https://wiki.openssl.org/index.php/Random_Numbers
> http://en.wikipedia.org/wiki/RdRand
> https://software.intel.com/en-us/articles/performance-impact-of-intel-secure-key-on-openssl
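The kind of switch the comment asks for, sketched as an added example that is not part of the original message or of any HADOOP-10734 patch. It selects the random source by name and fails closed on an unknown value. Assumptions: the property name `example.random.impl` and the class name are hypothetical, and the SP 800-90A option shown is the JDK's built-in `DRBG` algorithm (Java 9 and later) rather than OpenSSL's PRNG; using it does not by itself make a deployment FIPS-validated.

```java
import java.nio.charset.StandardCharsets;
import java.security.DrbgParameters;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;

public class RandomSourceSwitch {
    // Hypothetical switch name for this example; not a Hadoop configuration key.
    static final String SWITCH = "example.random.impl";

    static SecureRandom create(String impl) throws NoSuchAlgorithmException {
        switch (impl) {
            case "drbg":
                // SP 800-90A DRBG from the JDK (Java 9+): request 256-bit
                // strength with prediction resistance and reseeding available.
                return SecureRandom.getInstance("DRBG",
                        DrbgParameters.instantiation(256,
                                DrbgParameters.Capability.PR_AND_RESEED,
                                "example-personalization".getBytes(StandardCharsets.UTF_8)));
            case "default":
                // Whatever the platform's security configuration prefers.
                return new SecureRandom();
            default:
                // Fail closed: a typo in the switch must not silently select
                // a generator the operator did not ask for.
                throw new IllegalArgumentException("unknown " + SWITCH + ": " + impl);
        }
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rng = create(System.getProperty(SWITCH, "drbg"));

        byte[] key = new byte[32];
        rng.nextBytes(key); // key material is used, never printed

        // Report which algorithm, provider and parameters actually served the
        // request, so an audit can confirm the switch took effect.
        System.out.println("algorithm=" + rng.getAlgorithm()
                + " provider=" + rng.getProvider().getName()
                + " params=" + rng.getParameters());
    }
}
```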