[ https://issues.apache.org/jira/browse/CASSANDRA-9384?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16778536#comment-16778536 ]
Dinesh Joshi commented on CASSANDRA-9384: ----------------------------------------- bq. First of all, there's no such property in the conf or bin files, so it will most likely leave users confused and some may even think they have to add this property, in case it isn't set yet. Right, the {{cassandra.auth_bcrypt_gensalt_log2_rounds}} is not documented anywhere in Cassandra docs. It is a JVM arg that is passed into the process. My assumption was that only users who've passed in that property would know about it :). I am open to rewording it to make it clearer. What do you propose? bq. Also, what happens to existing hashes with 31 rounds? Upgrading to 0.4 will make all authentication attempts fail, see my first comment in thread. Changing the property will not solve this. So Cassandra will not accept `31` at all. The user must reduce this value prior to upgrading to this version. We can call this out explicitly in the notes. WDYT? > Update jBCrypt dependency to version 0.4 > ---------------------------------------- > > Key: CASSANDRA-9384 > URL: https://issues.apache.org/jira/browse/CASSANDRA-9384 > Project: Cassandra > Issue Type: Bug > Reporter: Sam Tunnicliffe > Assignee: Dinesh Joshi > Priority: Major > Fix For: 2.1.x, 2.2.x, 3.0.x, 3.11.x > > > https://bugzilla.mindrot.org/show_bug.cgi?id=2097 > Although the bug tracker lists it as NEW/OPEN, the release notes for 0.4 > indicate that this is now fixed, so we should update. > Thanks to [~Bereng] for identifying the issue. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org