Currently, the two key derivation functions (KDFs) supported are NiFi Legacy (1000 iterations of MD5 digest over a password and optional salt) and OpenSSL PKCS#5 v1.5 (a single iteration of MD5 digest over a password and optional salt).
Both of these are very weak – they use a deprecated cryptographic hash function (CHF) with known weaknesses and susceptibility to collisions (with demonstrated attacks), and a non-configurable, tightly coupled iteration count to derive the key and IV.
Current best practice KDFs (with work factor recommendations) are as follows:
- PBKDF2 with variable hash function (SHA1, SHA256, SHA384, SHA512, or ideally HMAC variants of these functions) and variable iteration count (in the 10k - 1M range).
- bcrypt with work factor of 12 - 16
- scrypt with work factor of (N = 2^14 - 2^20, r = 8, p = 1)
The salt and iteration count should be stored alongside the hashed record (bcrypt handles this natively).
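As an added illustration of the last point (this is example code, not part of NiFi or the original ticket), the block below derives a key with PBKDF2-HMAC-SHA256 using a random per-record salt and a configurable iteration count, and stores the algorithm, iteration count and salt alongside the derived key in a self-describing record. The record format (`algorithm$iterations$salt_hex$key_hex`), the default of 600,000 iterations and the helper names are assumptions chosen for the example; the iteration count sits inside the 10k - 1M range given above. Because the iteration count travels with the record, `needs_rehash` can flag records derived under an older, weaker policy so they are upgraded on next successful login.

```python
"""Added example (not NiFi project code): PBKDF2-HMAC-SHA256 with a per-record
random salt and a configurable iteration count, where salt and iteration count
are stored alongside the derived key so the record is self-describing and the
work factor can be raised later."""
import hashlib
import hmac
import os
from typing import Optional, Tuple

ALGORITHM = "pbkdf2_sha256"
DEFAULT_ITERATIONS = 600_000  # assumption: a current choice inside the 10k-1M range
KEY_LEN = 32                  # bytes of derived key material (256 bits)
SALT_LEN = 16                 # 128-bit random salt per record


def derive_key(password: str, salt: bytes, iterations: int, key_len: int = KEY_LEN) -> bytes:
    """Derive key_len bytes from password and salt with PBKDF2-HMAC-SHA256."""
    if iterations < 1:
        raise ValueError("iteration count must be positive")
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=key_len)


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Return a record of the form algorithm$iterations$salt_hex$key_hex (assumed format).

    A fresh random salt is generated unless one is supplied (supplying one is only
    useful for deterministic tests).
    """
    if salt is None:
        salt = os.urandom(SALT_LEN)
    key = derive_key(password, salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${key.hex()}"


def parse_record(record: str) -> Tuple[int, bytes, bytes]:
    """Split a stored record back into (iterations, salt, key)."""
    algorithm, iterations, salt_hex, key_hex = record.split("$")
    if algorithm != ALGORITHM:
        raise ValueError(f"unsupported algorithm {algorithm!r}")
    return int(iterations), bytes.fromhex(salt_hex), bytes.fromhex(key_hex)


def verify_password(password: str, record: str) -> bool:
    """Re-derive with the stored salt and iteration count and compare in constant time."""
    iterations, salt, expected = parse_record(record)
    candidate = derive_key(password, salt, iterations, len(expected))
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record: str, policy_iterations: int = DEFAULT_ITERATIONS) -> bool:
    """True when the record was derived with fewer iterations than current policy requires."""
    iterations, _, _ = parse_record(record)
    return iterations < policy_iterations


if __name__ == "__main__":
    # Constructed demo: an old record at a low iteration count is detected and upgraded.
    old_record = hash_password("correct horse battery staple", iterations=10_000)
    print("old record:", old_record)
    print("verifies:", verify_password("correct horse battery staple", old_record))
    print("needs rehash:", needs_rehash(old_record))
    if needs_rehash(old_record):
        new_record = hash_password("correct horse battery staple")
        print("upgraded record:", new_record)
```

In a real deployment the policy iteration count lives in configuration rather than a constant, and the upgrade happens only after a successful verification, since that is the only moment the plaintext password is available to re-derive the key.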