cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sameer Farooqui <cassandral...@gmail.com>
Subject Re: Questions about using MD5 encryption with SimpleAuthenticator
Date Tue, 17 May 2011 22:05:55 GMT
Hey Aaron,

Unfortunately it fails with plaintext password also:

ubuntu@domU-12-31-39-0C-D9-13:~/apache-cassandra-0.8.0-beta1$
bin/cassandra-cli -h ec2-50-19-26-189.compute-1.amazonaws.com -p 9160 -u
jdoe -pw 'nosql' -k MDR  Login failure. Did you specify 'keyspace',
'username' and 'password'?
Welcome to the Cassandra CLI.
<quit CLI manually>

ubuntu@domU-12-31-39-0C-D9-13:~/apache-cassandra-0.8.0-beta1$
bin/cassandra-cli -h ec2-50-19-26-189.compute-1.amazonaws.com -p 9160 -u
jdoe -pw nosql -k MDR
Login failure. Did you specify 'keyspace', 'username' and 'password'?
Welcome to the Cassandra CLI.
<quit CLI manually>

Regarding the security of MD5, I'm not a security guy either, but it seems
quiet easy to crack, especially for short passwords.

This website was quickly able to decrypt my MD5 digest (which is honestly
not very complex) and give me the original plaintext:
http://md5.noisette.ch/index.php

Longer list of MD5 rainbow table sites:
http://www.stottmeister.com/blog/2009/04/14/how-to-crack-md5-passwords/

Anyway, any help with the original question of how to input the password the
the Cassandra-CLI would be much appreciated!


- Sameer



On Tue, May 17, 2011 at 1:03 PM, aaron morton <aaron@thelastpickle.com>wrote:

> Use the plain text password via the cli, the server will make a hash and
> compare it to the one in the file.
>
> wrt SHA-2 I'm not a security guy but MD5 is probably "good enough" for the
> problem of storing passwords in plain text in a file.
>
> Hope that helps.
>
> -----------------
> Aaron Morton
> Freelance Cassandra Developer
> @aaronmorton
> http://www.thelastpickle.com
>
> On 17 May 2011, at 10:59, Sameer Farooqui wrote:
>
> By the way, just noticed a typo in my email below. I'm using the correct
> keyspace name in all locations on the cluster... however in my examples
> below, I used MyKeyspace in some spots and MDR in other spots, but in the
> cluster I'm specifying the same keyspace name everywhere, so that's not the
> issue.
>
> - Sameer
>
>
> On Mon, May 16, 2011 at 3:55 PM, Sameer Farooqui <cassandralabs@gmail.com>wrote:
>
>> Hi all,
>>
>> We are trying to use MD5 encrypted passwords. Quick question first - Is
>> SHA-2 supported yet? US-CERT of the U. S. Department of Homeland Security
>> has said that MD5 "should be considered cryptographically broken and
>> unsuitable for further use”, and SHA-2 family of hash functions is
>> recommended.
>>
>> The issue I'm seeing is that when I turn on MD5 encryption, I can't log
>> into the cluster from Cassandra-CLI (I get a login failure).
>>
>> The cassandra.in.sh file has been changed as so:
>>
>> JVM_OPTS="
>>
>> -Dpasswd.properties=/home/ubuntu/apache-cassandra-0.8.0-beta1/conf/passwd.properties
>> \
>>
>> -Daccess.properties=/home/ubuntu/apache-cassandra-0.8.0-beta1/conf/access.properties
>> \
>>         -Dpasswd.mode=MD5"
>>
>>
>> And I ran this python script to generate a MD5 hash:
>> ubuntu@darknet:~$ python
>> Python 2.6.6 (r266:84292, Sep 15 2010, 15:52:39)
>> [GCC 4.4.5] on linux2
>> Type "help", "copyright", "credits" or "license" for more information.
>> >>> from hashlib import md5
>> >>> p = "nosql"
>> >>> h = md5(p).hexdigest()
>> >>> print h
>> 9fa1b39e7eb877367213e6f7e37d0b01
>>
>>
>> Then I updated the passwd.properties file with the new hashed password:
>> jdoe=9fa1b39e7eb877367213e6f7e37d0b01
>>
>>
>> Also, the access.properties file is properly set so that jdoe has rw
>> access to the keyspace and CF:
>> MyKeyspace.<rw>=jdoe,jsmith
>> MyKeyspace.MyCF.<rw>=jsmith,jdoe
>>
>>
>> But when I try to connect to the cluster now, I'm getting a login failure.
>> I have tried a few different ways of connecting:
>>
>> Ran this from the Cassandra CLI:
>> [default@unknown] connect ec2-50-19-26-189.compute-1.amazonaws.com/9160jdoe '9fa1b39e7eb877367213e6f7e37d0b01';
>> Login failure. Did you specify 'keyspace', 'username' and 'password'?
>>
>>
>> Ran these from the Ubuntu CLI:
>> ubuntu@domU-12-31-39-0C-D9-13:~/apache-cassandra-0.8.0-beta1$
>> bin/cassandra-cli -h ec2-50-19-26-189.compute-1.amazonaws.com -p 9160 -u
>> jdoe -pw 9fa1b39e7eb877367213e6f7e37d0b01 -k MDR
>> Login failure. Did you specify 'keyspace', 'username' and 'password'?
>>
>>
>> ubuntu@domU-12-31-39-0C-D9-13:~/apache-cassandra-0.8.0-beta1$
>> bin/cassandra-cli -h ec2-50-19-26-189.compute-1.amazonaws.com -p 9160 -u
>> jdoe -pw '9fa1b39e7eb877367213e6f7e37d0b01' -k MDR
>> Login failure. Did you specify 'keyspace', 'username' and 'password'?
>>
>>
>> Hmm, what am I doing wrong?
>>
>> - Sameer
>>
>>
>>
>
>

Mime
View raw message