From: aaron morton
To: user@cassandra.apache.org
Subject: Re: Questions about using MD5 encryption with SimpleAuthenticator
Date: Wed, 18 May 2011 08:03:27 +1200
Message-Id: <74770DAE-665B-41D4-8A76-3FBD1BA0A27C@thelastpickle.com>

Use the plain text password via the cli, the server will make a hash and compare it to the one in the file.

wrt SHA-2 I'm not a security guy but MD5 is probably "good enough" for the problem of storing passwords in plain text in a file.

Hope that helps.

-----------------
Aaron Morton
Freelance Cassandra Developer
@aaronmorton
http://www.thelastpickle.com

On 17 May 2011, at 10:59, Sameer Farooqui wrote:

> By the way, just noticed a typo in my email below. I'm using the correct keyspace name in all locations on the cluster... however in my examples below, I used MyKeyspace in some spots and MDR in other spots, but in the cluster I'm specifying the same keyspace name everywhere, so that's not the issue.
>
> - Sameer
>
>
> On Mon, May 16, 2011 at 3:55 PM, Sameer Farooqui <cassandralabs@gmail.com> wrote:
> Hi all,
>
> We are trying to use MD5 encrypted passwords. Quick question first - Is SHA-2 supported yet? US-CERT of the U.S. Department of Homeland Security has said that MD5 "should be considered cryptographically broken and unsuitable for further use", and SHA-2 family of hash functions is recommended.
>
> The issue I'm seeing is that when I turn on MD5 encryption, I can't log into the cluster from Cassandra-CLI (I get a login failure).
>
> The cassandra.in.sh file has been changed as so:
>
> JVM_OPTS="
>         -Dpasswd.properties=/home/ubuntu/apache-cassandra-0.8.0-beta1/conf/passwd.properties \
>         -Daccess.properties=/home/ubuntu/apache-cassandra-0.8.0-beta1/conf/access.properties \
>         -Dpasswd.mode=MD5"
>
>
> And I ran this python script to generate an MD5 hash:
> ubuntu@darknet:~$ python
> Python 2.6.6 (r266:84292, Sep 15 2010, 15:52:39)
> [GCC 4.4.5] on linux2
> Type "help", "copyright", "credits" or "license" for more information.
> >>> from hashlib import md5
> >>> p = "nosql"
> >>> h = md5(p).hexdigest()
> >>> print h
> 9fa1b39e7eb877367213e6f7e37d0b01
>
>
> Then I updated the passwd.properties file with the new hashed password:
> jdoe=9fa1b39e7eb877367213e6f7e37d0b01
>
>
> Also, the access.properties file is properly set so that jdoe has rw access to the keyspace and CF:
> MyKeyspace.<rw>=jdoe,jsmith
> MyKeyspace.MyCF.<rw>=jsmith,jdoe
>
>
> But when I try to connect to the cluster now, I'm getting a login failure. I have tried a few different ways of connecting:
>
> Ran this from the Cassandra CLI:
> [default@unknown] connect ec2-50-19-26-189.compute-1.amazonaws.com/9160 jdoe '9fa1b39e7eb877367213e6f7e37d0b01';
> Login failure. Did you specify 'keyspace', 'username' and 'password'?
>
>
> Ran these from the Ubuntu CLI:
> ubuntu@domU-12-31-39-0C-D9-13:~/apache-cassandra-0.8.0-beta1$ bin/cassandra-cli -h ec2-50-19-26-189.compute-1.amazonaws.com -p 9160 -u jdoe -pw 9fa1b39e7eb877367213e6f7e37d0b01 -k MDR
> Login failure. Did you specify 'keyspace', 'username' and 'password'?
>
>
> ubuntu@domU-12-31-39-0C-D9-13:~/apache-cassandra-0.8.0-beta1$ bin/cassandra-cli -h ec2-50-19-26-189.compute-1.amazonaws.com -p 9160 -u jdoe -pw '9fa1b39e7eb877367213e6f7e37d0b01' -k MDR
> Login failure. Did you specify 'keyspace', 'username' and 'password'?
>
>
> Hmm, what am I doing wrong?
>
> - Sameer
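
The check described in the reply above (the server hashes whatever the client sends and compares it to the file entry), as an added example that is not part of the original thread and is not Cassandra's own code. The function names `load_passwd`, `check_login` and `diagnose` are hypothetical, and the file content is constructed around the `jdoe` entry quoted in the thread.

```python
import hashlib
import hmac

# Constructed passwd.properties content; the jdoe entry is the one from the thread.
PASSWD_PROPERTIES = """\
# user=hex(MD5(password))
jdoe=9fa1b39e7eb877367213e6f7e37d0b01
"""


def load_passwd(text):
    """Parse user=value lines, skipping blanks and '#' comments."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            user, _, value = line.partition("=")
            entries[user.strip()] = value.strip()
    return entries


def check_login(entries, user, submitted, mode="MD5"):
    """Hypothetical model of the server check: hash what the client sent, then compare."""
    stored = entries.get(user)
    if stored is None:
        return False
    if mode == "MD5":
        candidate = hashlib.md5(submitted.encode("utf-8")).hexdigest()
        stored = stored.lower()  # hex digests compare case-insensitively
    else:  # plain mode: the file holds the password itself
        candidate = submitted
    # Constant-time comparison, so timing does not reveal how much matched.
    return hmac.compare_digest(candidate.encode(), stored.encode())


def diagnose(entries, user, submitted, mode="MD5"):
    """Name the cause of a failed login when the client sent the digest itself."""
    if check_login(entries, user, submitted, mode):
        return "ok"
    stored = entries.get(user, "").lower()
    if mode == "MD5" and hmac.compare_digest(submitted.lower().encode(), stored.encode()):
        return "client sent the stored hash; the server hashed it a second time"
    return "wrong user or password"


if __name__ == "__main__":
    users = load_passwd(PASSWD_PROPERTIES)
    # The -pw value from the thread: the hex digest, not the password.
    print(diagnose(users, "jdoe", "9fa1b39e7eb877367213e6f7e37d0b01"))
```
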