[ https://issues.apache.org/jira/browse/HBASE-10065?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13837474#comment-13837474 ]
Anoop Sam John commented on HBASE-10065:
----------------------------------------

+1

> Stronger validation of key unwrapping
> -------------------------------------
>
>                 Key: HBASE-10065
>                 URL: https://issues.apache.org/jira/browse/HBASE-10065
>             Project: HBase
>          Issue Type: Improvement
>            Reporter: Andrew Purtell
>            Assignee: Andrew Purtell
>            Priority: Minor
>             Fix For: 0.98.0
>
>         Attachments: 10065.patch
>
>
> In EncryptionUtil#unwrapKey we use a CRC32 to validate the successful
> unwrapping of a data key. I chose a CRC32 to limit overhead. There is only a
> 1 in 2^32 chance of a random collision, low enough to be extremely unlikely.
> However, I was talking with my colleague Jerry Chen today about this. A
> cryptographic hash would lower the probability to essentially zero and we are
> only wrapping data keys once per HColumnDescriptor and once per HFile, saving
> a few bytes here and there only really. Might as well use the SHA of the data
> key and in addition consider running AES in GCM mode to cover that hash as
> additional authenticated data.

--
This message was sent by Atlassian JIRA
(v6.1#6144)
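
The scheme proposed in the issue description, as an added sketch that is not part of the original message, not HBase's `EncryptionUtil`, and not the attached 10065.patch: the data key is wrapped with AES-GCM, and its SHA-256 is stored in the clear and bound to the ciphertext as additional authenticated data. The class name `KeyWrapSketch`, the blob layout, the key sizes and the choice of SHA-256 are assumptions made for this example.

```java
import java.nio.ByteBuffer;
import java.security.KeyException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class KeyWrapSketch {
  static final int IV_LEN = 12, HASH_LEN = 32, TAG_BITS = 128;

  // Assumed layout: IV || SHA-256(dataKey) || GCM ciphertext with tag
  static byte[] wrap(byte[] kek, byte[] dataKey) throws Exception {
    byte[] iv = new byte[IV_LEN];
    new SecureRandom().nextBytes(iv); // fresh IV for every wrap under the same KEK
    byte[] hash = MessageDigest.getInstance("SHA-256").digest(dataKey);
    Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
    c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(kek, "AES"), new GCMParameterSpec(TAG_BITS, iv));
    c.updateAAD(hash); // the hash is authenticated by the tag but not encrypted
    byte[] ct = c.doFinal(dataKey);
    return ByteBuffer.allocate(IV_LEN + HASH_LEN + ct.length).put(iv).put(hash).put(ct).array();
  }

  static byte[] unwrap(byte[] kek, byte[] blob) throws Exception {
    int hdr = IV_LEN + HASH_LEN;
    if (blob.length < hdr + TAG_BITS / 8) throw new KeyException("wrapped key too short");
    byte[] iv = Arrays.copyOfRange(blob, 0, IV_LEN);
    byte[] hash = Arrays.copyOfRange(blob, IV_LEN, hdr);
    Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
    c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(kek, "AES"), new GCMParameterSpec(TAG_BITS, iv));
    c.updateAAD(hash);
    // Wrong KEK, modified ciphertext or modified hash: AEADBadTagException here
    byte[] dataKey = c.doFinal(blob, hdr, blob.length - hdr);
    // Explicit check from the issue: constant-time compare against the stored hash
    if (!MessageDigest.isEqual(hash, MessageDigest.getInstance("SHA-256").digest(dataKey)))
      throw new KeyException("unwrapped key does not match stored hash");
    return dataKey;
  }

  public static void main(String[] args) throws Exception {
    SecureRandom rng = new SecureRandom();
    byte[] kek = new byte[16], wrongKek = new byte[16], dataKey = new byte[16]; // constructed sample keys
    rng.nextBytes(kek); rng.nextBytes(wrongKek); rng.nextBytes(dataKey);
    byte[] blob = wrap(kek, dataKey);
    System.out.println("round trip ok: " + Arrays.equals(dataKey, unwrap(kek, blob)));
    try { unwrap(wrongKek, blob); System.out.println("wrong KEK accepted"); }
    catch (AEADBadTagException e) { System.out.println("wrong KEK rejected"); }
    blob[IV_LEN] ^= 1; // flip one bit of the stored hash
    try { unwrap(kek, blob); System.out.println("tampered hash accepted"); }
    catch (AEADBadTagException e) { System.out.println("tampered hash rejected"); }
  }
}
```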