symat opened a new pull request #2539: URL: https://github.com/apache/hbase/pull/2539
Currently we are using the MD5 hash algorithm to store a hash for encryption keys. This hash is needed to verify the secret key of the subject (e.g. making sure that the same secret key is used during encrypted HFile read and write). The MD5 algorithm is considered weak, and cannot be used in some (e.g. FIPS compliant) clusters.

In this patch:
- I introduce a backward compatible way of specifying the hash algorithm. This enables us to use newer and more secure hash algorithms like SHA-384 or SHA-512 (which are FIPS compliant).
- I also changed the algorithm used by the hbase shell to generate secure keys for column family encryption (this is only used for testing schema in the shell, the proper data keys are generated by the Java API, see e.g. HBASE-10951)
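
The mechanism this pull request describes, as an added illustration that is not code from the patch or from HBase: a stored key hash that records which algorithm produced it, while records with no algorithm name are still read as MD5. The class, field and method names are hypothetical, and the key bytes are constructed sample data.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class KeyHashCheck {
  // Records written before the algorithm became selectable carry no
  // algorithm name, so an absent name has to keep meaning MD5.
  static final String LEGACY_ALGORITHM = "MD5";

  /** Hypothetical stored record: the key's hash and the algorithm that produced it. */
  static final class StoredKeyHash {
    final String algorithm; // null or empty for legacy records
    final byte[] hash;
    StoredKeyHash(String algorithm, byte[] hash) {
      this.algorithm = algorithm;
      this.hash = hash;
    }
    String effectiveAlgorithm() {
      return (algorithm == null || algorithm.isEmpty()) ? LEGACY_ALGORITHM : algorithm;
    }
  }

  /** Hash a key with the configured algorithm and record the algorithm alongside it. */
  static StoredKeyHash hashKey(byte[] key, String algorithm) throws NoSuchAlgorithmException {
    return new StoredKeyHash(algorithm, MessageDigest.getInstance(algorithm).digest(key));
  }

  /**
   * True when the candidate key hashes to the stored value under the record's own
   * algorithm. getInstance throws NoSuchAlgorithmException when no installed
   * provider offers that algorithm, which is how a legacy MD5 record would fail
   * on a JVM whose providers do not include MD5.
   */
  static boolean matches(StoredKeyHash stored, byte[] candidateKey)
      throws NoSuchAlgorithmException {
    byte[] actual = MessageDigest.getInstance(stored.effectiveAlgorithm()).digest(candidateKey);
    return MessageDigest.isEqual(stored.hash, actual);
  }

  public static void main(String[] args) throws Exception {
    byte[] key = "constructed-sample-key-A".getBytes(StandardCharsets.UTF_8);
    byte[] wrongKey = "constructed-sample-key-B".getBytes(StandardCharsets.UTF_8);
    // Legacy record: MD5 hash stored without an algorithm name.
    StoredKeyHash legacy = new StoredKeyHash(null, MessageDigest.getInstance("MD5").digest(key));
    StoredKeyHash current = hashKey(key, "SHA-384");
    System.out.println("legacy record, same key:   " + matches(legacy, key));
    System.out.println("SHA-384 record, same key:  " + matches(current, key));
    System.out.println("SHA-384 record, wrong key: " + matches(current, wrongKey));
  }
}
```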