Uploaded image for project: 'Apache NiFi'
  1. Apache NiFi
  2. NIFI-7669

Add flow protection key caching mechanism for derived keys

    XMLWordPrintableJSON

    Details

      Description

      The specific algorithm introduced in NIFI-7638 introduces a ~1 sec delay in every encryption operation (which occurs during every flow synchronization and serialization to disk) due to the Argon2 KDF process. This is an acceptable tradeoff for security-conscious users at this time, but can be improved through a key caching mechanism in memory. Deriving the key once at application startup and using it directly will remove this delay, and the key cannot change without an application restart.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                alopresto Andy LoPresto
                Reporter:
                alopresto Andy LoPresto
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 0.5h
                  0.5h