[jira] [Updated] (NIFI-1465) Upgrade encryption of sensitive properties
[ https://issues.apache.org/jira/browse/NIFI-1465?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mark Payne updated NIFI-1465: - Issue Type: Improvement (was: Bug) > Upgrade encryption of sensitive properties > -- > > Key: NIFI-1465 > URL: https://issues.apache.org/jira/browse/NIFI-1465 > Project: Apache NiFi > Issue Type: Improvement > Components: Core Framework >Affects Versions: 0.5.0 >Reporter: Andy LoPresto >Assignee: David Handermann >Priority: Major > Labels: encryption, security > Fix For: 1.14.0 > > Original Estimate: 120h > Remaining Estimate: 120h > > Currently, NiFi accepts a password and encryption algorithm in > {{nifi.properties}} which are used to encrypt all sensitive processor > properties throughout the application. The password defaults to empty and the > algorithm defaults to {{PBEWITHMD5AND256BITAES-CBC-OPENSSL}}. This algorithm: > * uses a digest function ({{MD5}}) which is not cryptographically secure > [1][2][3][4] > * uses a single iteration count [5][6] > * limits password input to 16 characters on JVMs without the unlimited > strength cryptographic jurisdiction policy files installed [NIFI-1255] > all of which combine to make it extremely insecure. We should change the > default algorithm to use a strong key derivation function (KDF) [7] which > will properly derive a key to protect the sensitive properties. > Because existing systems have already encrypted the properties using a key > derived from the original settings, we should provide a translation/upgrade > utility to seamlessly convert the stored values from the old password & > algorithm combination to the new. > [1] http://security.stackexchange.com/a/19908/16485 > [2] http://security.stackexchange.com/a/31846/16485 > [3] > http://security.stackexchange.com/questions/52461/how-weak-is-md5-as-a-password-hashing-function > [4] http://security.stackexchange.com/a/31410/16485 > [5] http://security.stackexchange.com/a/29139/16485 > [6] https://www.openssl.org/docs/manmaster/crypto/EVP_BytesToKey.html > [7] > https://cwiki.apache.org/confluence/display/NIFI/Key+Derivation+Function+Explanations -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (NIFI-1465) Upgrade encryption of sensitive properties
[ https://issues.apache.org/jira/browse/NIFI-1465?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pierre Villard updated NIFI-1465: - Resolution: Fixed Status: Resolved (was: Patch Available) > Upgrade encryption of sensitive properties > -- > > Key: NIFI-1465 > URL: https://issues.apache.org/jira/browse/NIFI-1465 > Project: Apache NiFi > Issue Type: Bug > Components: Core Framework >Affects Versions: 0.5.0 >Reporter: Andy LoPresto >Assignee: David Handermann >Priority: Major > Labels: encryption, security > Fix For: 1.14.0 > > Original Estimate: 120h > Remaining Estimate: 120h > > Currently, NiFi accepts a password and encryption algorithm in > {{nifi.properties}} which are used to encrypt all sensitive processor > properties throughout the application. The password defaults to empty and the > algorithm defaults to {{PBEWITHMD5AND256BITAES-CBC-OPENSSL}}. This algorithm: > * uses a digest function ({{MD5}}) which is not cryptographically secure > [1][2][3][4] > * uses a single iteration count [5][6] > * limits password input to 16 characters on JVMs without the unlimited > strength cryptographic jurisdiction policy files installed [NIFI-1255] > all of which combine to make it extremely insecure. We should change the > default algorithm to use a strong key derivation function (KDF) [7] which > will properly derive a key to protect the sensitive properties. > Because existing systems have already encrypted the properties using a key > derived from the original settings, we should provide a translation/upgrade > utility to seamlessly convert the stored values from the old password & > algorithm combination to the new. > [1] http://security.stackexchange.com/a/19908/16485 > [2] http://security.stackexchange.com/a/31846/16485 > [3] > http://security.stackexchange.com/questions/52461/how-weak-is-md5-as-a-password-hashing-function > [4] http://security.stackexchange.com/a/31410/16485 > [5] http://security.stackexchange.com/a/29139/16485 > [6] https://www.openssl.org/docs/manmaster/crypto/EVP_BytesToKey.html > [7] > https://cwiki.apache.org/confluence/display/NIFI/Key+Derivation+Function+Explanations -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (NIFI-1465) Upgrade encryption of sensitive properties
[ https://issues.apache.org/jira/browse/NIFI-1465?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] David Handermann updated NIFI-1465: --- Status: Patch Available (was: In Progress) > Upgrade encryption of sensitive properties > -- > > Key: NIFI-1465 > URL: https://issues.apache.org/jira/browse/NIFI-1465 > Project: Apache NiFi > Issue Type: Bug > Components: Core Framework >Affects Versions: 0.5.0 >Reporter: Andy LoPresto >Assignee: David Handermann >Priority: Major > Labels: encryption, security > Fix For: 1.14.0 > > Original Estimate: 120h > Remaining Estimate: 120h > > Currently, NiFi accepts a password and encryption algorithm in > {{nifi.properties}} which are used to encrypt all sensitive processor > properties throughout the application. The password defaults to empty and the > algorithm defaults to {{PBEWITHMD5AND256BITAES-CBC-OPENSSL}}. This algorithm: > * uses a digest function ({{MD5}}) which is not cryptographically secure > [1][2][3][4] > * uses a single iteration count [5][6] > * limits password input to 16 characters on JVMs without the unlimited > strength cryptographic jurisdiction policy files installed [NIFI-1255] > all of which combine to make it extremely insecure. We should change the > default algorithm to use a strong key derivation function (KDF) [7] which > will properly derive a key to protect the sensitive properties. > Because existing systems have already encrypted the properties using a key > derived from the original settings, we should provide a translation/upgrade > utility to seamlessly convert the stored values from the old password & > algorithm combination to the new. > [1] http://security.stackexchange.com/a/19908/16485 > [2] http://security.stackexchange.com/a/31846/16485 > [3] > http://security.stackexchange.com/questions/52461/how-weak-is-md5-as-a-password-hashing-function > [4] http://security.stackexchange.com/a/31410/16485 > [5] http://security.stackexchange.com/a/29139/16485 > [6] https://www.openssl.org/docs/manmaster/crypto/EVP_BytesToKey.html > [7] > https://cwiki.apache.org/confluence/display/NIFI/Key+Derivation+Function+Explanations -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (NIFI-1465) Upgrade encryption of sensitive properties
[ https://issues.apache.org/jira/browse/NIFI-1465?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andy LoPresto updated NIFI-1465: Description: Currently, NiFi accepts a password and encryption algorithm in {{nifi.properties}} which are used to encrypt all sensitive processor properties throughout the application. The password defaults to empty and the algorithm defaults to {{PBEWITHMD5AND256BITAES-CBC-OPENSSL}}. This algorithm: * uses a digest function ({{MD5}}) which is not cryptographically secure [1][2][3][4] * uses a single iteration count [5][6] * limits password input to 16 characters on JVMs without the unlimited strength cryptographic jurisdiction policy files installed [NIFI-1255] all of which combine to make it extremely insecure. We should change the default algorithm to use a strong key derivation function (KDF) [7] which will properly derive a key to protect the sensitive properties. Because existing systems have already encrypted the properties using a key derived from the original settings, we should provide a translation/upgrade utility to seamlessly convert the stored values from the old password & algorithm combination to the new. [1] http://security.stackexchange.com/a/19908/16485 [2] http://security.stackexchange.com/a/31846/16485 [3] http://security.stackexchange.com/questions/52461/how-weak-is-md5-as-a-password-hashing-function [4] http://security.stackexchange.com/a/31410/16485 [5] http://security.stackexchange.com/a/29139/16485 [6] https://www.openssl.org/docs/manmaster/crypto/EVP_BytesToKey.html [7] https://cwiki.apache.org/confluence/display/NIFI/Key+Derivation+Function+Explanations was: Currently, NiFi accepts a password and encryption algorithm in `nifi.properties` which are used to encrypt all sensitive processor properties throughout the application. The password defaults to empty and the algorithm defaults to {{PBEWITHMD5AND256BITAES-CBC-OPENSSL}}. This algorithm: * uses a digest function ({{MD5}}) which is not cryptographically secure [1][2][3][4] * uses a single iteration count [5][6] * limits password input to 16 characters on JVMs without the unlimited strength cryptographic jurisdiction policy files installed [NIFI-1255] all of which combine to make it extremely insecure. We should change the default algorithm to use a strong key derivation function (KDF) [7] which will properly derive a key to protect the sensitive properties. Because existing systems have already encrypted the properties using a key derived from the original settings, we should provide a translation/upgrade utility to seamlessly convert the stored values from the old password & algorithm combination to the new. [1] http://security.stackexchange.com/a/19908/16485 [2] http://security.stackexchange.com/a/31846/16485 [3] http://security.stackexchange.com/questions/52461/how-weak-is-md5-as-a-password-hashing-function [4] http://security.stackexchange.com/a/31410/16485 [5] http://security.stackexchange.com/a/29139/16485 [6] https://www.openssl.org/docs/manmaster/crypto/EVP_BytesToKey.html [7] https://cwiki.apache.org/confluence/display/NIFI/Key+Derivation+Function+Explanations > Upgrade encryption of sensitive properties > -- > > Key: NIFI-1465 > URL: https://issues.apache.org/jira/browse/NIFI-1465 > Project: Apache NiFi > Issue Type: Bug > Components: Core Framework >Affects Versions: 0.5.0 >Reporter: Andy LoPresto >Assignee: Andy LoPresto > Labels: encryption, security > Original Estimate: 120h > Remaining Estimate: 120h > > Currently, NiFi accepts a password and encryption algorithm in > {{nifi.properties}} which are used to encrypt all sensitive processor > properties throughout the application. The password defaults to empty and the > algorithm defaults to {{PBEWITHMD5AND256BITAES-CBC-OPENSSL}}. This algorithm: > * uses a digest function ({{MD5}}) which is not cryptographically secure > [1][2][3][4] > * uses a single iteration count [5][6] > * limits password input to 16 characters on JVMs without the unlimited > strength cryptographic jurisdiction policy files installed [NIFI-1255] > all of which combine to make it extremely insecure. We should change the > default algorithm to use a strong key derivation function (KDF) [7] which > will properly derive a key to protect the sensitive properties. > Because existing systems have already encrypted the properties using a key > derived from the original settings, we should provide a translation/upgrade > utility to seamlessly convert the stored values from the old password & > algorithm combination to the new. > [1] http://security.stackexchange.com/a/19908/16485 > [2] http://security.stackexchange.com/a/31846/16485 > [3] > http://security.stackexchange.com/questions/52461/how-weak-is-md5-as-a-p