incubator-cassandra-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ted Zlatanov <...@lifelogs.com>
Subject Re: Further enhancments in j.a.c.auth
Date Wed, 10 Mar 2010 14:15:28 GMT
On Tue, 09 Mar 2010 22:42:33 +0100 Morten Wegelbye Nissen <mwn@monit.dk> wrote: 

MWN> In simple authenticator its possible to configure passwords to be
MWN> stored as MD5 sums - for a security sucker there is two problems here.
MWN> MD5 is broken[1].

(I wrote some of the auth code, including SimpleAuthenticator)

MD5 is fast and better than no hashing at all.  It's not *easy* to
extract the original password from an unsalted MD5 hash, either.

SimpleAuthenticator is not intended to be a comprehensive security
solution.  You should be using LDAP/AD/whatever works in your
environment and write your own authenticator.  That's why the
IAuthenticator can be specified in the configuration.

I plan to write a generic LDAP/AD IAuthenticator in the near future but
haven't had the time.  It wouldn't be terribly difficult if you're
interested.

MWN> There is no salt added to clear value, means if two users choose to
MWN> have same password, the encoded values would be the same.  I
MWN> suggest that someone add support for a alternative hashing
MWN> algorithm. And that the hash is calculated with some
MWN> prefix. (username maybe)

MWN> I know the present is better then having the passwords in
MWN> cleartext. But, when a user choose to enable the password hashing,
MWN> it's for a reason. And there is no reason to choose to jump into the
MWN> common security pitfalls :)

Perhaps it was a mistake to include MD5 hashing at all, but I still
think it's better than storing plain passwords.  If you have drop-in
improvements, please submit a patch.

On Tue, 9 Mar 2010 16:19:21 -0600 Jonathan Ellis <jbellis@gmail.com> wrote: 

JE> We should probably use http://www.mindrot.org/projects/jBCrypt/.
JE> (Lots of background:
JE> http://chargen.matasano.com/chargen/2007/9/7/enough-with-the-rainbow-tables-what-you-need-to-know-about-s.html)

jBCrypt could be a drop-in, sure.  The hashing mechanism shouldn't
matter.

JE> We kind of have a nagging feeling though that rolling our own auth
JE> framework in 2010 is the wrong approach.
JE> http://en.wikipedia.org/wiki/Simple_Authentication_and_Security_Layer
JE> has been mentioned as an alternative.

I look forward to discussion on this.

Ted


Mime
View raw message