Ying Zhang created KYLIN-4902:
---------------------------------

             Summary: Avoid using weak cryptographic algorithm
                 Key: KYLIN-4902
                 URL: https://issues.apache.org/jira/browse/KYLIN-4902
             Project: Kylin
          Issue Type: Improvement
            Reporter: Ying Zhang

In file kylin/blob/master/core-common/src/main/java/org/apache/kylin/common/util/EncryptUtil.java, AES/ECB/PKCS5PADDING is used for encrypting and decrypting information, lines 36 and 49.

*Security impact*:

ECB is a deprecated encryption mode used with AES; it may cause inefficient encryption. Here is a comparison example that encrypts a picture with ECB mode and CBC mode:
[https://datalocker.com/what-is-the-difference-between-ecb-mode-versus-cbc-mode-aes-encryption/]

Some links here:
[https://cwe.mitre.org/data/definitions/327.html]

Suggestions: we recommend you use AES/CBC/PKCS5Padding, but CBC mode would require an IV in the encryption process for security concerns.

*Please share with us your opinions/comments if there are any:*

Is the bug report helpful?

--
This message was sent by Atlassian Jira
(v8.3.4#803005)
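
The difference between the two modes named in the report, as an added Java example (not Kylin's `EncryptUtil` code and not written by the reporter): it encrypts a plaintext made of one 16-byte block repeated twice, first with `AES/ECB/PKCS5Padding` and then with `AES/CBC/PKCS5Padding` using a fresh random IV stored in front of the ciphertext. The class name `EcbVsCbcDemo`, the generated key and the sample plaintext are assumptions made for the illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

// Added illustration (Java 9+), not Kylin's code. Key and plaintext are constructed.
public class EcbVsCbcDemo {
    static byte[] encryptEcb(SecretKey key, byte[] plain) throws Exception {
        Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key);
        return c.doFinal(plain);
    }

    // Returns IV || ciphertext, with a fresh random 16-byte IV on every call.
    static byte[] encryptCbc(SecretKey key, byte[] plain) throws Exception {
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plain);
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    static byte[] decryptCbc(SecretKey key, byte[] ivAndCt) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(ivAndCt, 0, 16));
        return c.doFinal(ivAndCt, 16, ivAndCt.length - 16);
    }

    // True when 16-byte blocks i and j of b are byte-for-byte identical.
    static boolean blocksEqual(byte[] b, int i, int j) {
        return Arrays.equals(b, i * 16, i * 16 + 16, b, j * 16, j * 16 + 16);
    }

    public static void main(String[] args) throws Exception {
        SecretKey key = KeyGenerator.getInstance("AES").generateKey(); // throwaway demo key
        byte[] plain = "password=hunter2password=hunter2".getBytes(StandardCharsets.US_ASCII);
        byte[] cbc = encryptCbc(key, plain); // block 0 of cbc is the IV
        System.out.println("ECB repeats block: " + blocksEqual(encryptEcb(key, plain), 0, 1));
        System.out.println("CBC repeats block: " + blocksEqual(cbc, 1, 2));
        System.out.println("CBC same twice:    " + Arrays.equals(cbc, encryptCbc(key, plain)));
        System.out.println("CBC round-trips:   " + Arrays.equals(plain, decryptCbc(key, cbc)));
    }
}
```

CBC with PKCS5 padding provides confidentiality only; ciphertext that must be tamper-evident needs a separate integrity check, such as an HMAC computed over the IV and ciphertext.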