cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sam Tunnicliffe (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CASSANDRA-13626) Check hashed password matches expected bcrypt hash format before checking
Date Wed, 30 Aug 2017 09:54:00 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-13626?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16146990#comment-16146990
] 

Sam Tunnicliffe commented on CASSANDRA-13626:
---------------------------------------------

bq.checkpw does an even worse job of failing nicely

In what way(s)? Checking with a few strings that would be caught by this validation, {{checkpw}}
seems to behave as expected. 
This validation would help us detect that we have stored invalid hash values, so that could
be useful in diagnosing unexpected auth failures & debugging their causes. That will obviously
require logging when the validation fails before throwing the {{AuthenticationException}},
so we should separate it from the actual {{checkPw}} call.  

On the actual validation, the 22 character component is actually the salt, not the cost -
the bcrypt format is {{$<id>$<cost>$<salt><digest>}}. Cost, salt and
digest are all fixed length (2, 22 & 31 chars repectively), whereas id may be 1 or 2 chars,
though we have only ever used a version of jbcrypt that generates the 2 char variant. So we
could simplify that check to {{length == 60}}. If {{checkpw}} *is* correctly returning false
when the stored hash is invalid though, we only really need to do the validation on failure,
in which case we could a more thorough check than simply looking at the length, if that's
worthwhile.   


> Check hashed password matches expected bcrypt hash format before checking
> -------------------------------------------------------------------------
>
>                 Key: CASSANDRA-13626
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-13626
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Auth
>            Reporter: Jeff Jirsa
>            Assignee: Jeff Jirsa
>            Priority: Minor
>             Fix For: 3.0.x, 3.11.x, 4.x
>
>
> We use {{Bcrypt.checkpw}} in the auth subsystem, but do a reasonably poor job of guaranteeing
that the hashed password we send to it is really a hashed password, and {{checkpw}} does an
even worse job of failing nicely. We should at least sanity check the hash complies with the
expected format prior to validating.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org


Mime
View raw message