Details
-
Improvement
-
Status: Open
-
Minor
-
Resolution: Unresolved
-
3.4.2, 3.5.0
-
None
-
None
Description
The cipher transformation currently used for encrypting RPC calls is an unauthenticated mode (AES/CTR/NoPadding). This needs to be upgraded to an authenticated mode (AES/GCM/NoPadding) to prevent ciphertext from being modified in transit.
The relevant line is here: https://github.com/apache/spark/blob/a939a7d0fd9c6b23c879cbee05275c6fbc939e38/common/network-common/src/main/java/org/apache/spark/network/util/TransportConf.java#L220
GCM is relatively more computationally expensive than CTR and adds a 16-byte block of authentication tag data to each payload.