Andrew Purtell created HBASE-10065:
--------------------------------------
Summary: Stronger validation of key unwrapping
Key: HBASE-10065
URL: https://issues.apache.org/jira/browse/HBASE-10065
Project: HBase
Issue Type: Improvement
Reporter: Andrew Purtell
Assignee: Andrew Purtell
Priority: Minor
Fix For: 0.98.0

In EncryptionUtil#unwrapKey we use a CRC32 to validate the successful
unwrapping of a data key. I chose a CRC32 to limit overhead. There is only a 1
in 2^32 chance of a random collision, low enough to be extremely unlikely.
However, I was talking with my colleague Jerry Chen today about this. A
cryptographic hash would lower the probability to essentially zero and we are
only wrapping data keys once per HColumnDescriptor and once per HFile, saving a
few bytes here and there only really. Might as well use the SHA of the data key
and in addition consider running AES in GCM mode to cover that hash as
additional authenticated data.
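
A sketch of the validation the issue proposes, as an added example and not HBase's own code or the actual `EncryptionUtil#unwrapKey`: the data key is wrapped with AES in GCM mode and its SHA-256 is stored alongside as additional authenticated data. The class name `WrapKeyExample`, the byte layout, and the keys are assumptions constructed for illustration.

```java
import java.nio.ByteBuffer;
import java.security.KeyException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class WrapKeyExample { // hypothetical class, not part of HBase
  static final SecureRandom RNG = new SecureRandom();

  // Assumed layout: iv (12 bytes) || SHA-256(dataKey) (32 bytes) || GCM ciphertext + 16-byte tag
  static byte[] wrap(byte[] kek, byte[] dataKey) throws Exception {
    byte[] iv = new byte[12];
    RNG.nextBytes(iv); // a fresh IV per wrap; GCM must never reuse an IV under one key
    byte[] hash = MessageDigest.getInstance("SHA-256").digest(dataKey);
    Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
    c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(kek, "AES"), new GCMParameterSpec(128, iv));
    c.updateAAD(hash); // the hash is authenticated by the tag but stored unencrypted
    byte[] ct = c.doFinal(dataKey);
    return ByteBuffer.allocate(44 + ct.length).put(iv).put(hash).put(ct).array();
  }

  static byte[] unwrap(byte[] kek, byte[] wrapped) throws Exception {
    if (wrapped.length < 12 + 32 + 16) throw new IllegalArgumentException("truncated wrapped key");
    byte[] hash = Arrays.copyOfRange(wrapped, 12, 44);
    Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
    c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(kek, "AES"), new GCMParameterSpec(128, wrapped, 0, 12));
    c.updateAAD(hash);
    // doFinal throws AEADBadTagException on a wrong KEK or any modified byte
    byte[] dataKey = c.doFinal(wrapped, 44, wrapped.length - 44);
    // Explicit hash comparison, kept to mirror the proposal; constant-time via isEqual
    byte[] actual = MessageDigest.getInstance("SHA-256").digest(dataKey);
    if (!MessageDigest.isEqual(hash, actual)) throw new KeyException("data key hash mismatch");
    return dataKey;
  }

  public static void main(String[] args) throws Exception {
    byte[] kek = new byte[16], wrongKek = new byte[16], dataKey = new byte[16];
    RNG.nextBytes(kek); RNG.nextBytes(wrongKek); RNG.nextBytes(dataKey); // constructed sample keys
    byte[] wrapped = wrap(kek, dataKey);
    System.out.println("round trip ok: " + Arrays.equals(dataKey, unwrap(kek, wrapped)));
    try { unwrap(wrongKek, wrapped); System.out.println("wrong KEK accepted"); }
    catch (AEADBadTagException e) { System.out.println("wrong KEK rejected by GCM tag"); }
    wrapped[20] ^= 1; // flip one bit inside the stored hash
    try { unwrap(kek, wrapped); System.out.println("modified hash accepted"); }
    catch (AEADBadTagException e) { System.out.println("modified hash rejected by GCM tag"); }
  }
}
```

Unlike a CRC32, which is an error-detecting code with a 1 in 2^32 false-accept rate on a wrong key, the 128-bit GCM tag fails closed on both a wrong wrapping key and on any change to the stored hash or ciphertext.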