incubator-cassandra-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Morten Wegelbye Nissen <...@monit.dk>
Subject Re: Further enhancments in j.a.c.auth
Date Wed, 10 Mar 2010 23:29:25 GMT
Ted Zlatanov wrote:
> On Tue, 09 Mar 2010 22:42:33 +0100 Morten Wegelbye Nissen <mwn@monit.dk> wrote:

>
> MWN> In simple authenticator its possible to configure passwords to be
> MWN> stored as MD5 sums - for a security sucker there is two problems here.
> MWN> MD5 is broken[1].
>
> (I wrote some of the auth code, including SimpleAuthenticator)
>
> MD5 is fast and better than no hashing at all.  It's not *easy* to
> extract the original password from an unsalted MD5 hash, either.
>
>   
That its fast is more a part of the problem. Password extraction is now 
boiled down to - if one choose a strong password.
But lets not go any deeper here, I guess this is not the main focus for 
this project.
> SimpleAuthenticator is not intended to be a comprehensive security
> solution.  You should be using LDAP/AD/whatever works in your
> environment and write your own authenticator.  That's why the
> IAuthenticator can be specified in the configuration.
>
>   
I love this approach.
> I plan to write a generic LDAP/AD IAuthenticator in the near future but
> haven't had the time.  It wouldn't be terribly difficult if you're
> interested.
>   
I would love to. But I would not do it if from the beginning never would 
have a chance to be part of Cassandra. (ie. I have no need for LDAP 
support myself)

I browsed a little around to find a suitable place to store 
configuration for such a thing, and as I see it, it would be best to 
have its own configuration file. No?

> MWN> There is no salt added to clear value, means if two users choose to
> MWN> have same password, the encoded values would be the same.  I
> MWN> suggest that someone add support for a alternative hashing
> MWN> algorithm. And that the hash is calculated with some
> MWN> prefix. (username maybe)
>
> MWN> I know the present is better then having the passwords in
> MWN> cleartext. But, when a user choose to enable the password hashing,
> MWN> it's for a reason. And there is no reason to choose to jump into the
> MWN> common security pitfalls :)
>
> Perhaps it was a mistake to include MD5 hashing at all, but I still
> think it's better than storing plain passwords.  If you have drop-in
> improvements, please submit a patch.
>
> On Tue, 9 Mar 2010 16:19:21 -0600 Jonathan Ellis <jbellis@gmail.com> wrote: 
>
> JE> We should probably use http://www.mindrot.org/projects/jBCrypt/.
> JE> (Lots of background:
> JE> http://chargen.matasano.com/chargen/2007/9/7/enough-with-the-rainbow-tables-what-you-need-to-know-about-s.html)
>
> jBCrypt could be a drop-in, sure.  The hashing mechanism shouldn't
> matter.
>
> JE> We kind of have a nagging feeling though that rolling our own auth
> JE> framework in 2010 is the wrong approach.
> JE> http://en.wikipedia.org/wiki/Simple_Authentication_and_Security_Layer
> JE> has been mentioned as an alternative.
>
> I look forward to discussion on this.
>   
 

Mime
View raw message