cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sameer Farooqui <cassandral...@gmail.com>
Subject Re: Questions about using MD5 encryption with SimpleAuthenticator
Date Tue, 17 May 2011 22:52:22 GMT
Opps, my bad... please ignore the email below. It actually works with the
plain text password (I had forgotten to update the passwd.properties file on
one node which was causing the login to fail).

Example of successful login:
ubuntu@domU-12-31-39-0C-D9-13:~/apache-cassandra-0.8.0-beta1$
bin/cassandra-cli -h ec2-50-19-26-189.compute-1.amazonaws.com -p 9160 -u
jdoe -pw 'nosql' -k MDR  Connected to: "Demo_Cluster_beta1" on
ec2-50-19-26-189.compute-1.amazonaws.com/9160
Welcome to the Cassandra CLI.


Would still be nice though to use the bcrypt hash over MD5 for stronger
security.


- Sameer


On Tue, May 17, 2011 at 3:05 PM, Sameer Farooqui <cassandralabs@gmail.com>wrote:

> Hey Aaron,
>
> Unfortunately it fails with plaintext password also:
>
> ubuntu@domU-12-31-39-0C-D9-13:~/apache-cassandra-0.8.0-beta1$
> bin/cassandra-cli -h ec2-50-19-26-189.compute-1.amazonaws.com -p 9160 -u
> jdoe -pw 'nosql' -k MDR  Login failure. Did you specify 'keyspace',
> 'username' and 'password'?
> Welcome to the Cassandra CLI.
> <quit CLI manually>
>
> ubuntu@domU-12-31-39-0C-D9-13:~/apache-cassandra-0.8.0-beta1$
> bin/cassandra-cli -h ec2-50-19-26-189.compute-1.amazonaws.com -p 9160 -u
> jdoe -pw nosql -k MDR
> Login failure. Did you specify 'keyspace', 'username' and 'password'?
> Welcome to the Cassandra CLI.
> <quit CLI manually>
>
> Regarding the security of MD5, I'm not a security guy either, but it seems
> quiet easy to crack, especially for short passwords.
>
> This website was quickly able to decrypt my MD5 digest (which is honestly
> not very complex) and give me the original plaintext:
> http://md5.noisette.ch/index.php
>
> Longer list of MD5 rainbow table sites:
> http://www.stottmeister.com/blog/2009/04/14/how-to-crack-md5-passwords/
>
> Anyway, any help with the original question of how to input the password
> the the Cassandra-CLI would be much appreciated!
>
>
> - Sameer
>
>
>
> On Tue, May 17, 2011 at 1:03 PM, aaron morton <aaron@thelastpickle.com>wrote:
>
>> Use the plain text password via the cli, the server will make a hash and
>> compare it to the one in the file.
>>
>> wrt SHA-2 I'm not a security guy but MD5 is probably "good enough" for the
>> problem of storing passwords in plain text in a file.
>>
>> Hope that helps.
>>
>>  -----------------
>> Aaron Morton
>> Freelance Cassandra Developer
>> @aaronmorton
>> http://www.thelastpickle.com
>>
>> On 17 May 2011, at 10:59, Sameer Farooqui wrote:
>>
>> By the way, just noticed a typo in my email below. I'm using the correct
>> keyspace name in all locations on the cluster... however in my examples
>> below, I used MyKeyspace in some spots and MDR in other spots, but in the
>> cluster I'm specifying the same keyspace name everywhere, so that's not the
>> issue.
>>
>> - Sameer
>>
>>
>> On Mon, May 16, 2011 at 3:55 PM, Sameer Farooqui <cassandralabs@gmail.com
>> > wrote:
>>
>>> Hi all,
>>>
>>> We are trying to use MD5 encrypted passwords. Quick question first - Is
>>> SHA-2 supported yet? US-CERT of the U. S. Department of Homeland
>>> Security has said that MD5 "should be considered cryptographically broken
>>> and unsuitable for further use”, and SHA-2 family of hash functions is
>>> recommended.
>>>
>>> The issue I'm seeing is that when I turn on MD5 encryption, I can't log
>>> into the cluster from Cassandra-CLI (I get a login failure).
>>>
>>> The cassandra.in.sh file has been changed as so:
>>>
>>> JVM_OPTS="
>>>
>>> -Dpasswd.properties=/home/ubuntu/apache-cassandra-0.8.0-beta1/conf/passwd.properties
>>> \
>>>
>>> -Daccess.properties=/home/ubuntu/apache-cassandra-0.8.0-beta1/conf/access.properties
>>> \
>>>         -Dpasswd.mode=MD5"
>>>
>>>
>>> And I ran this python script to generate a MD5 hash:
>>> ubuntu@darknet:~$ python
>>> Python 2.6.6 (r266:84292, Sep 15 2010, 15:52:39)
>>> [GCC 4.4.5] on linux2
>>> Type "help", "copyright", "credits" or "license" for more information.
>>> >>> from hashlib import md5
>>> >>> p = "nosql"
>>> >>> h = md5(p).hexdigest()
>>> >>> print h
>>> 9fa1b39e7eb877367213e6f7e37d0b01
>>>
>>>
>>> Then I updated the passwd.properties file with the new hashed password:
>>> jdoe=9fa1b39e7eb877367213e6f7e37d0b01
>>>
>>>
>>> Also, the access.properties file is properly set so that jdoe has rw
>>> access to the keyspace and CF:
>>> MyKeyspace.<rw>=jdoe,jsmith
>>> MyKeyspace.MyCF.<rw>=jsmith,jdoe
>>>
>>>
>>> But when I try to connect to the cluster now, I'm getting a login
>>> failure. I have tried a few different ways of connecting:
>>>
>>> Ran this from the Cassandra CLI:
>>> [default@unknown] connect ec2-50-19-26-189.compute-1.amazonaws.com/9160jdoe '9fa1b39e7eb877367213e6f7e37d0b01';
>>> Login failure. Did you specify 'keyspace', 'username' and 'password'?
>>>
>>>
>>> Ran these from the Ubuntu CLI:
>>> ubuntu@domU-12-31-39-0C-D9-13:~/apache-cassandra-0.8.0-beta1$
>>> bin/cassandra-cli -h ec2-50-19-26-189.compute-1.amazonaws.com -p 9160 -u
>>> jdoe -pw 9fa1b39e7eb877367213e6f7e37d0b01 -k MDR
>>> Login failure. Did you specify 'keyspace', 'username' and 'password'?
>>>
>>>
>>> ubuntu@domU-12-31-39-0C-D9-13:~/apache-cassandra-0.8.0-beta1$
>>> bin/cassandra-cli -h ec2-50-19-26-189.compute-1.amazonaws.com -p 9160 -u
>>> jdoe -pw '9fa1b39e7eb877367213e6f7e37d0b01' -k MDR
>>> Login failure. Did you specify 'keyspace', 'username' and 'password'?
>>>
>>>
>>> Hmm, what am I doing wrong?
>>>
>>> - Sameer
>>>
>>>
>>>
>>
>>
>

Mime
View raw message