[jira] [Commented] (CASSANDRA-13626) Check hashed password matches expected bcrypt hash format before checking

Wed, 30 Aug 2017 10:41:33 -0700 

    [ 
https://issues.apache.org/jira/browse/CASSANDRA-13626?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16147668#comment-16147668
 ] 

Jeff Jirsa commented on CASSANDRA-13626:
----------------------------------------

Sam and I talked about this a bit offline, a few notes for those following 
along:
- The length is 60 now, but may be 59 with other bcrypt variants, and may be 
some other length in the future. The two components of the length that were 
chosen before (salt+digest) were expected to be fixed length, which is true now 
but may not be true later). ID is definitely variable length now, though. 
- We don't want a real regex, for a few reasons (combination of futureproofing 
and the risk of introducing auth weaknesses) - we should let bcrypt handle the 
hash, we don't need to get involved.
- We can be less invasive here and make it slightly more testable by breaking 
the hash check into its own static function 

Force pushed branches that simplifies things a bit, makes it less arbitrary.

|| branch || utest || dtest ||
| [3.0|https://github.com/jeffjirsa/cassandra/tree/cassandra-3.0-13626] | [3.0 
circle|https://circleci.com/gh/jeffjirsa/cassandra/tree/cassandra-3.0-13626] | 
[3.0 
dtest|https://builds.apache.org/view/A-D/view/Cassandra/job/Cassandra-devbranch-dtest/244/]
 |
| [3.11|https://github.com/jeffjirsa/cassandra/tree/cassandra-3.11-13626] | 
[3.11 
circle|https://circleci.com/gh/jeffjirsa/cassandra/tree/cassandra-3.11-13626] | 
[3.11 
dtest|https://builds.apache.org/view/A-D/view/Cassandra/job/Cassandra-devbranch-dtest/245/]
 |
| [trunk|https://github.com/jeffjirsa/cassandra/tree/cassandra-13626] | [trunk 
circle|https://circleci.com/gh/jeffjirsa/cassandra/tree/cassandra-13626] | 
[trunk 
dtest|https://builds.apache.org/view/A-D/view/Cassandra/job/Cassandra-devbranch-dtest/246/]
 |


> Check hashed password matches expected bcrypt hash format before checking
> -------------------------------------------------------------------------
>
>                 Key: CASSANDRA-13626
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-13626
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Auth
>            Reporter: Jeff Jirsa
>            Assignee: Jeff Jirsa
>            Priority: Minor
>             Fix For: 3.0.x, 3.11.x, 4.x
>
>
> We use {{Bcrypt.checkpw}} in the auth subsystem, but do a reasonably poor job 
> of guaranteeing that the hashed password we send to it is really a hashed 
> password, and {{checkpw}} does an even worse job of failing nicely. We should 
> at least sanity check the hash complies with the expected format prior to 
> validating.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to