[ 
https://issues.apache.org/jira/browse/RANGER-3174?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17880973#comment-17880973
 ] 

Vikas Kumar commented on RANGER-3174:
-------------------------------------

*Existing Approach to encrypt/decrypt MasterKey/ZoneKeys:* 
1. Generate SecretKey using *PBEWithMD5ANDTripleDES* with required KeySpec 
parameters
2. Create Cipher with the same algo, that is, PBEWithMD5ANDTripleDES, and 
initialize with the above SecretKey
3. And finally, encrypt the data (here, the key).
 
*New proposed Approach :*
 
1. Generate a unique SecretKey using the *PBKDF2WithHmacSHA256* algorithm and its 
required keySpec parameters like password, salt, iterationCount, keylength.
2. Create Cipher with *"AES/CBC/PKCS7Padding"*.
3. Initialize Cipher with a uniquely generated InitializationVector (IV) for each 
key.
4. And finally, encrypt the data (here, the key).
 
I did one basic POC with the above algorithm and basic cases were working.
 
*For fresh/new setup:* proper encryption algorithm initialization is required.
*For upgrade case:* For an existing cluster, the MasterKey needs to be decrypted with 
the older algo and re-encrypted using the new one. Here the idea is to preserve the MK 
bytes and re-encrypt with the new algo and cipher.
Similarly for all zone keys: they need to be decrypted using the old algo and 
encrypted using the new one. That means changes in RangerKeyStore.seal() and 
RangerKeyStore.unseal().
 
*Request community to provide feedback on selection of Algorithm and Cipher.*
Reference for Cipher : 
[https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-38a.pdf]
 
 

> Weak Cryptographic Algorithm and hash function used for PBE encryption
> ----------------------------------------------------------------------
>
>                 Key: RANGER-3174
>                 URL: https://issues.apache.org/jira/browse/RANGER-3174
>             Project: Ranger
>          Issue Type: Improvement
>          Components: kms
>            Reporter: Vicky Zhang
>            Assignee: Vikas Kumar
>            Priority: Major
>
> PBEWithMD5AndTripleDES is used in the file 
> /kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java line 310 
> *Security impact*: 
> MD5 is a deprecated hash algorithm and DES is also not recommended for symmetric 
> encryption. The use of a broken or risky cryptographic algorithm is an 
> unnecessary risk that may result in the exposure of sensitive information.
> Useful resources: [https://cwe.mitre.org/data/definitions/327.html]
> *suggestions*:
> According to [https://tools.ietf.org/html/rfc2898], 
> PBKDF2 is highly recommended while doing PBE encryption 
> *Please share with us your opinions/comments if there is any:*
> Is the bug report helpful? 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
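
The upgrade path described in the comment (decrypt with the old PBE algorithm, re-encrypt with a PBKDF2WithHmacSHA256-derived AES key and a fresh IV per key), as an added sketch that is not Ranger code: the class and method names, iteration counts and the salt/IV/ciphertext layout are assumptions. It uses the transformation name "AES/CBC/PKCS5Padding" because the default JDK provider does not register "PKCS7Padding"; for AES the padding bytes produced are the same.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.security.SecureRandom;
import java.util.Arrays;

public class ResealSketch {
    static final SecureRandom RNG = new SecureRandom();
    static final int OLD_ITER = 1000, NEW_ITER = 100_000, KEY_BITS = 256; // constructed demo values

    // Old scheme: one PBEWithMD5AndTripleDES cipher handles both directions (8-byte salt).
    static byte[] oldCrypt(int mode, char[] pw, byte[] salt8, byte[] in) throws Exception {
        SecretKey k = SecretKeyFactory.getInstance("PBEWithMD5AndTripleDES")
                .generateSecret(new PBEKeySpec(pw));
        Cipher c = Cipher.getInstance("PBEWithMD5AndTripleDES");
        c.init(mode, k, new PBEParameterSpec(salt8, OLD_ITER));
        return c.doFinal(in);
    }

    // New scheme: PBKDF2WithHmacSHA256 derives the AES key from password and salt.
    static SecretKey derive(char[] pw, byte[] salt) throws Exception {
        byte[] raw = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(new PBEKeySpec(pw, salt, NEW_ITER, KEY_BITS)).getEncoded();
        return new SecretKeySpec(raw, "AES");
    }

    // Fresh salt and IV for every sealed key; assumed layout: salt(16) || iv(16) || ciphertext.
    static byte[] newSeal(char[] pw, byte[] plain) throws Exception {
        byte[] head = new byte[32];
        RNG.nextBytes(head);
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, derive(pw, Arrays.copyOf(head, 16)), new IvParameterSpec(head, 16, 16));
        byte[] ct = c.doFinal(plain);
        byte[] out = Arrays.copyOf(head, 32 + ct.length);
        System.arraycopy(ct, 0, out, 32, ct.length);
        return out;
    }

    static byte[] newUnseal(char[] pw, byte[] blob) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, derive(pw, Arrays.copyOf(blob, 16)), new IvParameterSpec(blob, 16, 16));
        return c.doFinal(blob, 32, blob.length - 32);
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "constructed-demo-password".toCharArray();
        byte[] mk = new byte[32], oldSalt = new byte[8];   // stand-in for the MasterKey bytes
        RNG.nextBytes(mk); RNG.nextBytes(oldSalt);
        byte[] oldBlob = oldCrypt(Cipher.ENCRYPT_MODE, pw, oldSalt, mk);
        // Upgrade: decrypt with the old algorithm, re-encrypt with the new one, key bytes unchanged.
        byte[] newBlob = newSeal(pw, oldCrypt(Cipher.DECRYPT_MODE, pw, oldSalt, oldBlob));
        System.out.println("MK bytes preserved: " + Arrays.equals(mk, newUnseal(pw, newBlob)));
    }
}
```

CBC provides confidentiality only; this sketch does not authenticate the stored blob, so tampering is not detected by `newUnseal` itself.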
