[ https://issues.apache.org/jira/browse/HBASE-25181?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Work on HBASE-25181 started by Mate Szalay-Beko.
------------------------------------------------
> Configure hash algorithm in wrapped encryption keys
> ---------------------------------------------------
>
>                 Key: HBASE-25181
>                 URL: https://issues.apache.org/jira/browse/HBASE-25181
>             Project: HBase
>          Issue Type: Improvement
>    Affects Versions: 2.3.2
>            Reporter: Mate Szalay-Beko
>            Assignee: Mate Szalay-Beko
>            Priority: Major
>
> Currently we are using the MD5 hash algorithm to store a hash for encryption
> keys. This hash is needed to verify the secret key of the subject (e.g.
> making sure that the same secret key is used during encrypted HFile read and
> write). The MD5 algorithm is considered weak, and cannot be used in some
> (e.g. FIPS compliant) clusters.
> In the patch I plan to:
> * introduce a backward compatible way of specifying the hash algorithm. This
> enables us to use newer and more secure hash algorithms like SHA-384 or
> SHA-512 (which are FIPS compliant).
> * change the algorithm used by the hbase shell to generate secure keys for
> column family encryption (this is only used for testing schema in the shell,
> the proper data keys are generated by the Java API, see e.g. HBASE-10951)
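
One way the backward-compatible check described in the issue could look, as an added example that is not part of the Jira message and is not HBase code. The `StoredKeyHash` record, the fallback to MD5 when no algorithm is recorded, and the per-cluster allow-list are all assumptions made for illustration; the key material is constructed (requires Java 16+ for records).

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Set;

public class WrappedKeyHashCheck {
    // Hypothetical stored record: algorithm is null for records written
    // before the algorithm field existed (those were hashed with MD5).
    record StoredKeyHash(String algorithm, byte[] hash) {}

    static final String LEGACY_ALGORITHM = "MD5";

    static byte[] digest(String algorithm, byte[] key) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance(algorithm).digest(key);
    }

    // Writer side: always record which algorithm produced the hash.
    static StoredKeyHash store(String configured, byte[] key) throws NoSuchAlgorithmException {
        return new StoredKeyHash(configured, digest(configured, key));
    }

    // Reader side: use the recorded algorithm, fall back to MD5 for legacy
    // records, and refuse algorithms the cluster policy does not allow.
    static boolean verify(StoredKeyHash stored, byte[] unwrappedKey, Set<String> allowed)
            throws NoSuchAlgorithmException {
        String algorithm = stored.algorithm() == null ? LEGACY_ALGORITHM : stored.algorithm();
        if (!allowed.contains(algorithm)) {
            throw new SecurityException("hash algorithm not permitted: " + algorithm);
        }
        // MessageDigest.isEqual compares the two digests in constant time.
        return MessageDigest.isEqual(stored.hash(), digest(algorithm, unwrappedKey));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample keys, not real key material.
        byte[] key = "constructed-sample-key-material!".getBytes(StandardCharsets.UTF_8);
        byte[] other = "a-different-constructed-key-....".getBytes(StandardCharsets.UTF_8);
        StoredKeyHash legacy = new StoredKeyHash(null, digest("MD5", key));
        StoredKeyHash current = store("SHA-384", key);
        Set<String> mixed = Set.of("MD5", "SHA-384", "SHA-512");
        Set<String> strict = Set.of("SHA-384", "SHA-512");

        System.out.println("legacy record, same key:  " + verify(legacy, key, mixed));
        System.out.println("SHA-384 record, same key: " + verify(current, key, mixed));
        System.out.println("SHA-384 record, wrong key: " + verify(current, other, mixed));
        try {
            verify(legacy, key, strict); // strict policy rejects the MD5 fallback
        } catch (SecurityException e) {
            System.out.println("strict policy: " + e.getMessage());
        }
    }
}
```

On a JVM whose security provider does not offer MD5, `MessageDigest.getInstance("MD5")` throws `NoSuchAlgorithmException`, so the legacy branch fails loudly there instead of silently accepting a record.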