[
https://issues.apache.org/jira/browse/CASSANDRA-9384?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16769688#comment-16769688
]
Stefan Podkowinski commented on CASSANDRA-9384:
-----------------------------------------------
First of all, this only effects users who set the
{{cassandra.auth_bcrypt_gensalt_log2_rounds}} system property to 31 for insane
hashing computation times (default is 10). For those who did, updating to 0.4
would now cause each bcrypt hashing call to fail
([0c28b698|https://github.com/djmdjm/jBCrypt/commit/0c28b698e79b132391be8333107040d774c79995])
and forces them to change the value to something else. I'm pretty sure you'd
also have to re-create all users, to update the stored hashes again with <31
rounds to make bcrypt.hashpw() accept those.
> Update jBCrypt dependency to version 0.4
> ----------------------------------------
>
> Key: CASSANDRA-9384
> URL: https://issues.apache.org/jira/browse/CASSANDRA-9384
> Project: Cassandra
> Issue Type: Bug
> Reporter: Sam Tunnicliffe
> Assignee: Dinesh Joshi
> Priority: Major
> Fix For: 2.1.x, 2.2.x, 3.0.x, 3.11.x
>
>
> https://bugzilla.mindrot.org/show_bug.cgi?id=2097
> Although the bug tracker lists it as NEW/OPEN, the release notes for 0.4
> indicate that this is now fixed, so we should update.
> Thanks to [~Bereng] for identifying the issue.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
