incubator-cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chiradeep Vittal <>
Subject Re: Make the authenticator responsible for encoding the password and add a SHA256 salted authenticator
Date Tue, 30 Oct 2012 18:50:30 GMT
This probably breaks upgrade from 4.0. I would revert this until we find a
solution that does not break upgrades.

On 10/30/12 5:16 AM, "Hugo Trippaers" <>

>Hey all,
>I just pushed some changes to the master branch. This is change based on
>some security requirements that we have for storing passwords and hashes.
>The commit is here
>The main goal of this change was to add a new authenticator that uses the
>SHA256 algorithm and uses a salt.  This is now implemented, but to get it
>working I needed to make a few changes to how encryption was done.
>I've tested with new code with an existing database and verified that
>users can be created, can be updated (including passwords) and that they
>can login on the UI without any changes to the database. The default
>authenticator is still set to the MD5Authenticator.
>For people that want to use the new authenticator, just change the
> and add the following line '<adapter name="SHA256SALT"
>class="">' to
>UserAuthenticator. Note that this prevent any existing users for logging
>in as their passwords will be incorrect with the new authenticator.
>Below the text of the commit for reference:
>The authenticators now have an encode function that cloudstack will use
>to encode the user supplied password before storing it in the database.
>This makes it easier to add other authenticators with other hashing
>algorithms. The requires a two step approach to creating the admin
>account at first start as the authenticators are only present in the
>management-server component locator.
>The SHA256 salted authenticator make use of this new system and adds a
>hashing algorithm based on SHA256 with a salt. This type of hash is far
>less susceptible to rainbow table attacks.
>To make use of these new features the users password will be sent over
>the wire just as he typed it and it will be transformed into a hash on
>the server and compared with the stored password. This means that the
>hash will not go over the wire anymore.
>The default authenticator in components.xml is still set to md5 for
>backwards compatibility. For new installations the sha256 could be

View raw message