[ https://issues.apache.org/jira/browse/CASSANDRA-13626?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16147668#comment-16147668 ]

Jeff Jirsa edited comment on CASSANDRA-13626 at 8/30/17 9:42 PM:
-----------------------------------------------------------------

Sam and I talked about this a bit offline, a few notes for those following 
along:
- The length is 60 now, but may be 59 with other bcrypt variants, and may be 
some other length in the future. The two components of the length that were 
chosen before (salt+digest) were expected to be fixed length, which is true now 
but may not be true later. ID is definitely variable length now, though. 
- We don't want a real regex, for a few reasons (combination of futureproofing 
and the risk of introducing auth weaknesses) - we should let bcrypt handle the 
hash, we don't need to get involved.
- We can be less invasive here and make it slightly more testable by breaking 
the hash check into its own static function 

Force pushed branches that simplify things a bit, make it less arbitrary.

|| branch || utest || dtest ||
| [3.0|https://github.com/jeffjirsa/cassandra/tree/cassandra-3.0-13626] | [3.0 circle|https://circleci.com/gh/jeffjirsa/cassandra/tree/cassandra-3.0-13626] | [3.0 dtest|https://builds.apache.org/view/A-D/view/Cassandra/job/Cassandra-devbranch-dtest/251/] |
| [3.11|https://github.com/jeffjirsa/cassandra/tree/cassandra-3.11-13626] | [3.11 circle|https://circleci.com/gh/jeffjirsa/cassandra/tree/cassandra-3.11-13626] | [3.11 dtest|https://builds.apache.org/view/A-D/view/Cassandra/job/Cassandra-devbranch-dtest/252/] |
| [trunk|https://github.com/jeffjirsa/cassandra/tree/cassandra-13626] | [trunk circle|https://circleci.com/gh/jeffjirsa/cassandra/tree/cassandra-13626] | [trunk dtest|https://builds.apache.org/view/A-D/view/Cassandra/job/Cassandra-devbranch-dtest/253/] |



was (Author: jjirsa):
Sam and I talked about this a bit offline, a few notes for those following 
along:
- The length is 60 now, but may be 59 with other bcrypt variants, and may be 
some other length in the future. The two components of the length that were 
chosen before (salt+digest) were expected to be fixed length, which is true now 
but may not be true later. ID is definitely variable length now, though. 
- We don't want a real regex, for a few reasons (combination of futureproofing 
and the risk of introducing auth weaknesses) - we should let bcrypt handle the 
hash, we don't need to get involved.
- We can be less invasive here and make it slightly more testable by breaking 
the hash check into its own static function 

Force pushed branches that simplify things a bit, make it less arbitrary.

|| branch || utest || dtest ||
| [3.0|https://github.com/jeffjirsa/cassandra/tree/cassandra-3.0-13626] | [3.0 circle|https://circleci.com/gh/jeffjirsa/cassandra/tree/cassandra-3.0-13626] | [3.0 dtest|https://builds.apache.org/view/A-D/view/Cassandra/job/Cassandra-devbranch-dtest/244/] |
| [3.11|https://github.com/jeffjirsa/cassandra/tree/cassandra-3.11-13626] | [3.11 circle|https://circleci.com/gh/jeffjirsa/cassandra/tree/cassandra-3.11-13626] | [3.11 dtest|https://builds.apache.org/view/A-D/view/Cassandra/job/Cassandra-devbranch-dtest/245/] |
| [trunk|https://github.com/jeffjirsa/cassandra/tree/cassandra-13626] | [trunk circle|https://circleci.com/gh/jeffjirsa/cassandra/tree/cassandra-13626] | [trunk dtest|https://builds.apache.org/view/A-D/view/Cassandra/job/Cassandra-devbranch-dtest/246/] |


> Check hashed password matches expected bcrypt hash format before checking
> -------------------------------------------------------------------------
>
>                 Key: CASSANDRA-13626
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-13626
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Auth
>            Reporter: Jeff Jirsa
>            Assignee: Jeff Jirsa
>            Priority: Minor
>             Fix For: 3.0.x, 3.11.x, 4.x
>
>
> We use {{Bcrypt.checkpw}} in the auth subsystem, but do a reasonably poor job 
> of guaranteeing that the hashed password we send to it is really a hashed 
> password, and {{checkpw}} does an even worse job of failing nicely. We should 
> at least sanity check the hash complies with the expected format prior to 
> validating.
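
An added sketch, not the code from the linked branches, of the approach the comment describes: the hash check pulled into its own static function that leaves all parsing to bcrypt and treats a stored value bcrypt cannot parse as a failed check. It assumes the jBCrypt library (org.mindrot.jbcrypt.BCrypt) is on the classpath; the class name SafeBcryptCheck and the sample stored values are constructed for illustration.

```java
import org.mindrot.jbcrypt.BCrypt;

// Hypothetical class name; constructed for this example.
public final class SafeBcryptCheck
{
    private SafeBcryptCheck() {}

    /**
     * Returns true only if bcrypt accepts storedHash as a hash and the
     * password matches it. No length test and no regex are applied here:
     * bcrypt parses the hash, and anything it rejects is a failed check.
     */
    static boolean checkpw(String password, String storedHash)
    {
        if (password == null || storedHash == null)
            return false;
        try
        {
            return BCrypt.checkpw(password, storedHash);
        }
        catch (RuntimeException e)
        {
            // A value that is not a well-formed bcrypt hash makes checkpw
            // throw (e.g. IllegalArgumentException, or an index error on a
            // short string) instead of returning false. Fail closed.
            return false;
        }
    }

    public static void main(String[] args)
    {
        // Constructed sample data; cost factor 4 only to keep the demo fast.
        String good = BCrypt.hashpw("s3cret", BCrypt.gensalt(4));
        String[] stored = {
            good,                    // well-formed hash
            "",                      // empty column value
            "plaintext-not-a-hash",  // value that was never hashed
            "$2a$",                  // version prefix with nothing after it
            good.substring(0, 30)    // truncated hash
        };
        for (String h : stored)
            System.out.printf("stored=%-62s correct=%b wrong=%b%n",
                              '"' + h + '"', checkpw("s3cret", h), checkpw("nope", h));
    }
}
```

Because the wrapper is static and has no dependency on the auth tables, each malformed value can be covered by a plain unit test.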


