From: "Mike Adamson (JIRA)"
To: commits@cassandra.apache.org
Date: Tue, 19 Jan 2016 14:57:39 +0000 (UTC)
Subject: [jira] [Updated] (CASSANDRA-11022) Use SHA hashing to store password in the credentials cache

[ https://issues.apache.org/jira/browse/CASSANDRA-11022?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Mike Adamson updated CASSANDRA-11022:
-------------------------------------
    Fix Version/s: 3.4

> Use SHA hashing to store password in the credentials cache
> ----------------------------------------------------------
>
>                 Key: CASSANDRA-11022
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-11022
>             Project: Cassandra
>          Issue Type: New Feature
>            Reporter: Mike Adamson
>             Fix For: 3.4
>
>
> In CASSANDRA-7715 a credentials cache has been added to the {{PasswordAuthenticator}} to improve performance when multiple authentications occur for the same user.
> Unfortunately, the bcrypt hash is being cached, which is one of the major performance overheads in password authentication.
> I propose that the cache is changed to use a SHA- hash to store the user password. As long as the cache is cleared for the user on an unsuccessful authentication, this won't significantly increase the ability of an attacker to use a brute force attack because every other attempt will use bcrypt.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
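As an added illustration of the cache behaviour the issue proposes (example code, not Cassandra's), this Python sketch keys the cache by user, stores a fast hash of the last password that verified, runs the slow hash only on a miss or mismatch, and evicts the user's entry on any failed attempt. The standard library has no bcrypt, so PBKDF2-HMAC-SHA256 stands in for it, and the fast hash is keyed with a per-process random secret, a hardening assumed here rather than taken from the proposal.

```python
import hashlib
import hmac
import os

# Constructed stand-in for bcrypt: the standard library has no bcrypt, so the
# "slow" password hash is PBKDF2-HMAC-SHA256 with a high iteration count.
SLOW_ITERATIONS = 100_000


def slow_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, SLOW_ITERATIONS)


def register(password: str) -> tuple:
    """Stored credential: (random salt, slow digest), as a password table would hold."""
    salt = os.urandom(16)
    return salt, slow_hash(password, salt)


class CredentialsCache:
    """Per-user cache of a fast keyed hash of the last password that verified.

    A hit skips the slow hash entirely; a miss or mismatch pays the slow hash;
    any failed attempt evicts the user's entry, as the proposal requires.
    """

    def __init__(self, user_store: dict):
        self.user_store = user_store      # user -> (salt, slow digest)
        self.cache = {}                   # user -> fast digest of verified password
        # Per-process random key (assumed hardening, not part of the proposal):
        # a leaked cache entry cannot be attacked offline without this key.
        self.cache_key = os.urandom(32)
        self.slow_checks = 0              # how often the slow hash actually ran

    def _fast(self, password: str) -> bytes:
        return hmac.new(self.cache_key, password.encode(), hashlib.sha256).digest()

    def authenticate(self, user: str, password: str) -> bool:
        candidate = self._fast(password)
        cached = self.cache.get(user)
        if cached is not None and hmac.compare_digest(cached, candidate):
            return True                   # cache hit: slow-hash cost avoided
        stored = self.user_store.get(user)
        if stored is not None:
            salt, digest = stored
            self.slow_checks += 1
            if hmac.compare_digest(slow_hash(password, salt), digest):
                self.cache[user] = candidate
                return True
        self.cache.pop(user, None)        # failure: evict so the next attempt is slow
        return False
```

The `slow_checks` counter makes the trade-off visible: repeated correct logins cost one slow hash in total, while every wrong guess pays the full slow hash and clears the cache.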