Mike Adamson created CASSANDRA-11022: ----------------------------------------
Summary: Use SHA hashing to store password in the credentials cache Key: CASSANDRA-11022 URL: https://issues.apache.org/jira/browse/CASSANDRA-11022 Project: Cassandra Issue Type: New Feature Reporter: Mike Adamson In CASSANDRA-7715 a credentials cache has been added to the {{PasswordAuthenticator}} to improve performance when multiple authentications occur for the same user. Unfortunately, the bcrypt hash is being cached which is one of the major performance overheads in password authentication. I propose that the cache is changed to use a SHA-<xxx> hash to store the user password. As long as the cache is cleared for the user on an unsuccessful authentication this won't significantly increase the ability of an attacker to use a brute force attack because every other attempt will use bcrypt. -- This message was sent by Atlassian JIRA (v6.3.4#6332)