[ https://issues.apache.org/jira/browse/RANGER-3174?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Abhishek Kumar updated RANGER-3174:
-----------------------------------
Fix Version/s: (was: 2.7.0)
> Weak Cryptographic Algorithm and hash function used for PBE encryption
> ----------------------------------------------------------------------
>
> Key: RANGER-3174
> URL: https://issues.apache.org/jira/browse/RANGER-3174
> Project: Ranger
> Issue Type: Improvement
> Components: kms
> Reporter: Vicky Zhang
> Assignee: Vikas Kumar
> Priority: Major
> Fix For: 3.0.0
>
> Time Spent: 1h 40m
> Remaining Estimate: 0h
>
> PBEWithMD5AndTripleDES is used in the file
> /kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java line 310
> *Security impact*:
> MD5 is a deprecated hash algorithm and DES is also not recommended for symmetric
> encryption. The use of a broken or risky cryptographic algorithm is an
> unnecessary risk that may result in the exposure of sensitive information.
> Useful resources: [https://cwe.mitre.org/data/definitions/327.html]
> *Suggestions*:
> According to [https://tools.ietf.org/html/rfc2898],
> PBKDF2 is highly recommended while doing PBE encryption.
> *Please share with us your opinions/comments if there is any:*
> Is the bug report helpful?
--
This message was sent by Atlassian Jira
(v8.20.10#820010)