Ted Zlatanov wrote:
On Tue, 09 Mar 2010 22:42:33 +0100 Morten Wegelbye Nissen <m...@monit.dk> wrote:
MWN> In simple authenticator its possible to configure passwords to be
MWN> stored as MD5 sums - for a security sucker there is two problems here.
MWN> MD5 is broken[1].
(I wrote some of the auth code, including SimpleAuthenticator)
MD5 is fast and better than no hashing at all. It's not *easy* to
extract the original password from an unsalted MD5 hash, either.
That its fast is more a part of the problem. Password extraction is now
boiled down to - if one choose a strong password.
But lets not go any deeper here, I guess this is not the main focus for
this project.
SimpleAuthenticator is not intended to be a comprehensive security
solution. You should be using LDAP/AD/whatever works in your
environment and write your own authenticator. That's why the
IAuthenticator can be specified in the configuration.
I love this approach.
I plan to write a generic LDAP/AD IAuthenticator in the near future but
haven't had the time. It wouldn't be terribly difficult if you're
interested.
I would love to. But I would not do it if from the beginning never would
have a chance to be part of Cassandra. (ie. I have no need for LDAP
support myself)
I browsed a little around to find a suitable place to store
configuration for such a thing, and as I see it, it would be best to
have its own configuration file. No?
MWN> There is no salt added to clear value, means if two users choose to
MWN> have same password, the encoded values would be the same. I
MWN> suggest that someone add support for a alternative hashing
MWN> algorithm. And that the hash is calculated with some
MWN> prefix. (username maybe)
MWN> I know the present is better then having the passwords in
MWN> cleartext. But, when a user choose to enable the password hashing,
MWN> it's for a reason. And there is no reason to choose to jump into the
MWN> common security pitfalls :)
Perhaps it was a mistake to include MD5 hashing at all, but I still
think it's better than storing plain passwords. If you have drop-in
improvements, please submit a patch.
On Tue, 9 Mar 2010 16:19:21 -0600 Jonathan Ellis <jbel...@gmail.com> wrote:
JE> We should probably use http://www.mindrot.org/projects/jBCrypt/.
JE> (Lots of background:
JE>
http://chargen.matasano.com/chargen/2007/9/7/enough-with-the-rainbow-tables-what-you-need-to-know-about-s.html)
jBCrypt could be a drop-in, sure. The hashing mechanism shouldn't
matter.
JE> We kind of have a nagging feeling though that rolling our own auth
JE> framework in 2010 is the wrong approach.
JE> http://en.wikipedia.org/wiki/Simple_Authentication_and_Security_Layer
JE> has been mentioned as an alternative.
I look forward to discussion on this.
