db-derby-dev mailing list archives

From "Knut Anders Hatlen (JIRA)" <j...@apache.org>
Subject [jira] Updated: (DERBY-4483) Provide a way to change the hash algorithm used by BUILTIN authentication
Date Tue, 23 Mar 2010 16:25:27 GMT

     [ https://issues.apache.org/jira/browse/DERBY-4483?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Knut Anders Hatlen updated DERBY-4483:
--------------------------------------

    Attachment: releaseNote.html
                derby-4483-2a.diff
                derby-4483-2a.stat

Attached is a new patch (2a) that enables the configurable hash scheme by default in new databases.
The patch makes SHA-256 the default algorithm. SHA-256 is believed to be more secure than
the currently used SHA-1 algorithm, and it's also one of the algorithms NIST recommended U.S.
Government agencies to use instead of SHA-1 (see http://csrc.nist.gov/groups/ST/toolkit/secure_hashing.html#Approved%20Algorithms).
The default algorithm can easily be changed, though, if someone thinks we should have another
default. Also, it's possible to change the default in a future release just by changing the
value of a constant, and that should not have any compatibility implications that I'm aware
of, so we won't be stuck forever with the algorithm we pick here.

Making the configurable hash authentication scheme the default authentication scheme has one
known compatibility implication: Strong password substitution when exchanging credentials
between the network client and the server will not work in new databases unless you manually
disable the configurable hash authentication scheme first (by setting the derby.authentication.builtin.algorithm
property to null). Because of this, I'm attaching a release note as well.

Here's a description of the changes made by the patch:

- iapi/reference/Property.java: added a constant for the default value (SHA-256) of the property
that enables the new scheme

- impl/sql/catalog/DataDictionaryImpl.java: set the database property when the database is
created (note: only on database creation, so upgraded databases will continue working the
same way as before)

- tests/jdbcapi/AuthenticationTest.java: added test case to verify that the property was initialized
to SHA-256

- tests/upgradeTests/Changes10_6.java: added test case to verify that the authentication scheme
does not change on upgrade

- tests/derbynet/NSSecurityMechanismTest.java: disable the new scheme for the test case that
tests strong password substitution together with BUILTIN authentication

All the regression tests ran cleanly with the patch. Comments on the patch and the release
note would be appreciated. Thanks.

> Provide a way to change the hash algorithm used by BUILTIN authentication
> -------------------------------------------------------------------------
>
>                 Key: DERBY-4483
>                 URL: https://issues.apache.org/jira/browse/DERBY-4483
>             Project: Derby
>          Issue Type: Improvement
>          Components: Services
>    Affects Versions: 10.5.3.0
>            Reporter: Knut Anders Hatlen
>            Assignee: Knut Anders Hatlen
>            Priority: Minor
>             Fix For: 10.6.0.0
>
>         Attachments: comments.diff, derby-4483-1a.diff, derby-4483-1a.stat, derby-4483-2a.diff, derby-4483-2a.stat, experiment.diff, releaseNote.html, toHexByte.diff, upgrade-test.diff
>
>
> The BUILTIN authentication scheme protects the passwords by hashing them with the SHA-1
> algorithm. It would be nice to have a way to specify a different algorithm so that users can
> take advantage of new, stronger algorithms provided by their JCE provider if so desired.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
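
As an added example (not part of the original message or the attached patch), the statements below show how the property named above could be inspected and changed from ij with Derby's database-property procedures. The comment about already stored passwords is an assumption and is not stated in the message.

```sql
-- Added example, not taken from the DERBY-4483 patch.

-- 1. Audit: which hash algorithm does BUILTIN authentication use here?
--    NULL means the configurable hash scheme is not enabled, which is
--    what the message describes for databases upgraded from an older
--    release (the property is only set at database creation).
VALUES SYSCS_UTIL.SYSCS_GET_DATABASE_PROPERTY(
    'derby.authentication.builtin.algorithm');

-- 2. Opt an upgraded database in to the new scheme with SHA-256.
--    Assumption: passwords that are already stored keep their existing
--    hash until they are set again.
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
    'derby.authentication.builtin.algorithm', 'SHA-256');

-- 3. Disable the configurable hash scheme again, as the message says is
--    required before strong password substitution between the network
--    client and the server will work in a new database.
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
    'derby.authentication.builtin.algorithm', NULL);
```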

