Return-Path: X-Original-To: apmail-db-derby-dev-archive@www.apache.org Delivered-To: apmail-db-derby-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 63ECF9077 for ; Mon, 4 Jun 2012 20:01:24 +0000 (UTC) Received: (qmail 76432 invoked by uid 500); 4 Jun 2012 20:01:24 -0000 Delivered-To: apmail-db-derby-dev-archive@db.apache.org Received: (qmail 76381 invoked by uid 500); 4 Jun 2012 20:01:24 -0000 Mailing-List: contact derby-dev-help@db.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: Delivered-To: mailing list derby-dev@db.apache.org Received: (qmail 76245 invoked by uid 99); 4 Jun 2012 20:01:23 -0000 Received: from issues-vm.apache.org (HELO issues-vm) (140.211.11.160) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 04 Jun 2012 20:01:23 +0000 Received: from isssues-vm.apache.org (localhost [127.0.0.1]) by issues-vm (Postfix) with ESMTP id D7CE61404B9 for ; Mon, 4 Jun 2012 20:01:23 +0000 (UTC) Date: Mon, 4 Jun 2012 20:01:23 +0000 (UTC) From: "Rick Hillegas (JIRA)" To: derby-dev@db.apache.org Message-ID: <1296470766.35934.1338840083887.JavaMail.jiratomcat@issues-vm> In-Reply-To: <2060878091.52119.1329512697155.JavaMail.tomcat@hel.zones.apache.org> Subject: [jira] [Commented] (DERBY-5622) Reduce the chance for hash collisions when checking bootPassword at boot time and when changing password. MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/DERBY-5622?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13288847#comment-13288847 ] Rick Hillegas commented on DERBY-5622: -------------------------------------- I am trying to figure out the data corruption entailed here. I can see a code path by which supplying a wrong boot password can stumble forward to die on a ClassNotFoundException. But after that, the correct boot password still boots the database. Can you help me understand how to trigger a data corruption? Thanks. > Reduce the chance for hash collisions when checking bootPassword at boot time and when changing password. > --------------------------------------------------------------------------------------------------------- > > Key: DERBY-5622 > URL: https://issues.apache.org/jira/browse/DERBY-5622 > Project: Derby > Issue Type: Improvement > Components: Store > Reporter: Dag H. Wanvik > > There are two issues, already seen in DERBY-2687: > "the boot issue": there is a 1/2**16 chance that a wrong bootPassword will allow boot to proceed (but since its decoded key is wrong the boot will fail). > "the password change" issue: similarly, there is a chance that the wrong bootPassword will be accepted trying to change it via > SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('bootPassword', ...) at least for algorithms that do not check IV (initialization vector) in addition to the > digest, e.g. "DES/ECB/NoPadding" > The latter case may lead to data corruption, cf. DERBY-2687 discussion. I think the risk is fairly low, though: One would need to have execution permission to change the property if SQL authorization is used, and in most scenarios the supplied existing password would be correct. But since the results can be bad, it would be good to reduce or eliminate the risk. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira