[ https://issues.apache.org/jira/browse/CASSANDRA-9384?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16769688#comment-16769688 ]
Stefan Podkowinski commented on CASSANDRA-9384: ----------------------------------------------- First of all, this only effects users who set the {{cassandra.auth_bcrypt_gensalt_log2_rounds}} system property to 31 for insane hashing computation times (default is 10). For those who did, updating to 0.4 would now cause each bcrypt hashing call to fail ([0c28b698|https://github.com/djmdjm/jBCrypt/commit/0c28b698e79b132391be8333107040d774c79995]) and forces them to change the value to something else. I'm pretty sure you'd also have to re-create all users, to update the stored hashes again with <31 rounds to make bcrypt.hashpw() accept those. > Update jBCrypt dependency to version 0.4 > ---------------------------------------- > > Key: CASSANDRA-9384 > URL: https://issues.apache.org/jira/browse/CASSANDRA-9384 > Project: Cassandra > Issue Type: Bug > Reporter: Sam Tunnicliffe > Assignee: Dinesh Joshi > Priority: Major > Fix For: 2.1.x, 2.2.x, 3.0.x, 3.11.x > > > https://bugzilla.mindrot.org/show_bug.cgi?id=2097 > Although the bug tracker lists it as NEW/OPEN, the release notes for 0.4 > indicate that this is now fixed, so we should update. > Thanks to [~Bereng] for identifying the issue. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org