incubator-cassandra-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Morten Wegelbye Nissen <>
Subject Re: Further enhancments in j.a.c.auth
Date Wed, 10 Mar 2010 23:29:25 GMT
Ted Zlatanov wrote:
> On Tue, 09 Mar 2010 22:42:33 +0100 Morten Wegelbye Nissen <> wrote:

> MWN> In simple authenticator its possible to configure passwords to be
> MWN> stored as MD5 sums - for a security sucker there is two problems here.
> MWN> MD5 is broken[1].
> (I wrote some of the auth code, including SimpleAuthenticator)
> MD5 is fast and better than no hashing at all.  It's not *easy* to
> extract the original password from an unsalted MD5 hash, either.
That its fast is more a part of the problem. Password extraction is now 
boiled down to - if one choose a strong password.
But lets not go any deeper here, I guess this is not the main focus for 
this project.
> SimpleAuthenticator is not intended to be a comprehensive security
> solution.  You should be using LDAP/AD/whatever works in your
> environment and write your own authenticator.  That's why the
> IAuthenticator can be specified in the configuration.
I love this approach.
> I plan to write a generic LDAP/AD IAuthenticator in the near future but
> haven't had the time.  It wouldn't be terribly difficult if you're
> interested.
I would love to. But I would not do it if from the beginning never would 
have a chance to be part of Cassandra. (ie. I have no need for LDAP 
support myself)

I browsed a little around to find a suitable place to store 
configuration for such a thing, and as I see it, it would be best to 
have its own configuration file. No?

> MWN> There is no salt added to clear value, means if two users choose to
> MWN> have same password, the encoded values would be the same.  I
> MWN> suggest that someone add support for a alternative hashing
> MWN> algorithm. And that the hash is calculated with some
> MWN> prefix. (username maybe)
> MWN> I know the present is better then having the passwords in
> MWN> cleartext. But, when a user choose to enable the password hashing,
> MWN> it's for a reason. And there is no reason to choose to jump into the
> MWN> common security pitfalls :)
> Perhaps it was a mistake to include MD5 hashing at all, but I still
> think it's better than storing plain passwords.  If you have drop-in
> improvements, please submit a patch.
> On Tue, 9 Mar 2010 16:19:21 -0600 Jonathan Ellis <> wrote: 
> JE> We should probably use
> JE> (Lots of background:
> JE>
> jBCrypt could be a drop-in, sure.  The hashing mechanism shouldn't
> matter.
> JE> We kind of have a nagging feeling though that rolling our own auth
> JE> framework in 2010 is the wrong approach.
> JE>
> JE> has been mentioned as an alternative.
> I look forward to discussion on this.

View raw message