[ https://issues.apache.org/jira/browse/DERBY-4483?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Knut Anders Hatlen updated DERBY-4483:
--------------------------------------
    Attachment: releaseNote.html
                derby-4483-2a.diff
                derby-4483-2a.stat

Attached is a new patch (2a) that enables the configurable hash scheme by
default in new databases. The patch makes SHA-256 the default algorithm.
SHA-256 is believed to be more secure than the currently used SHA-1 algorithm,
and it's also one of the algorithms NIST recommended U.S. Government agencies
to use instead of SHA-1 (see
http://csrc.nist.gov/groups/ST/toolkit/secure_hashing.html#Approved%20Algorithms).
The default algorithm can easily be changed, though, if someone thinks we
should have another default. Also, it's possible to change the default in a
future release just by changing the value of a constant, and that should not
have any compatibility implications that I'm aware of, so we won't be stuck
forever with the algorithm we pick here.

Making the configurable hash authentication scheme the default authentication
scheme has one known compatibility implication: Strong password substitution
when exchanging credentials between the network client and the server will not
work in new databases unless you manually disable the configurable hash
authentication scheme first (by setting the
derby.authentication.builtin.algorithm property to null). Because of this, I'm
attaching a release note as well.

Here's a description of the changes made by the patch:

- iapi/reference/Property.java: added a constant for the default value
  (SHA-256) of the property that enables the new scheme

- impl/sql/catalog/DataDictionaryImpl.java: set the database property when the
  database is created (note: only on database creation, so upgraded databases
  will continue working the same way as before)

- tests/jdbcapi/AuthenticationTest.java: added test case to verify that the
  property was initialized to SHA-256

- tests/upgradeTests/Changes10_6.java: added test case to verify that the
  authentication scheme does not change on upgrade

- tests/derbynet/NSSecurityMechanismTest.java: disable the new scheme for the
  test case that tests strong password substitution together with BUILTIN
  authentication

All the regression tests ran cleanly with the patch. Comments on the patch and
the release note would be appreciated. Thanks.

> Provide a way to change the hash algorithm used by BUILTIN authentication
> -------------------------------------------------------------------------
>
> Key: DERBY-4483
> URL: https://issues.apache.org/jira/browse/DERBY-4483
> Project: Derby
> Issue Type: Improvement
> Components: Services
> Affects Versions: 10.5.3.0
> Reporter: Knut Anders Hatlen
> Assignee: Knut Anders Hatlen
> Priority: Minor
> Fix For: 10.6.0.0
>
> Attachments: comments.diff, derby-4483-1a.diff, derby-4483-1a.stat,
> derby-4483-2a.diff, derby-4483-2a.stat, experiment.diff, releaseNote.html,
> toHexByte.diff, upgrade-test.diff
>
>
> The BUILTIN authentication scheme protects the passwords by hashing them with
> the SHA-1 algorithm. It would be nice to have a way to specify a different
> algorithm so that users can take advantage of new, stronger algorithms
> provided by their JCE provider if so desired.
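
Added example, not part of the message above and not Derby's own code: a small audit helper that reads the database-level value of derby.authentication.builtin.algorithm, so you can tell a newly created database from an upgraded one, and that changes or clears it only after checking that the local JCE provider offers the digest. It assumes the embedded Derby driver is on the classpath and uses Derby's SYSCS_UTIL property routines; the class name and the in-memory database name are hypothetical.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.sql.*;

public class BuiltinHashAudit {
    static final String PROP = "derby.authentication.builtin.algorithm";

    // True if an installed JCE provider offers this message digest.
    static boolean jceSupports(String algorithm) {
        try { MessageDigest.getInstance(algorithm); return true; }
        catch (NoSuchAlgorithmException e) { return false; }
    }

    // Database-level value of the property; null means it is not set in this database.
    static String currentAlgorithm(Connection c) throws SQLException {
        try (PreparedStatement ps = c.prepareStatement(
                "VALUES SYSCS_UTIL.SYSCS_GET_DATABASE_PROPERTY(?)")) {
            ps.setString(1, PROP);
            try (ResultSet rs = ps.executeQuery()) {
                rs.next();
                return rs.getString(1);
            }
        }
    }

    // Pass null to clear the property (the manual step named for strong password substitution).
    static void setAlgorithm(Connection c, String algorithm) throws SQLException {
        if (algorithm != null && !jceSupports(algorithm)) {
            throw new IllegalArgumentException("No JCE provider offers " + algorithm);
        }
        try (CallableStatement cs = c.prepareCall(
                "CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(?, ?)")) {
            cs.setString(1, PROP);
            cs.setString(2, algorithm); // a Java null is sent as SQL NULL
            cs.execute();
        }
    }

    public static void main(String[] args) throws SQLException {
        // Constructed sample: a throwaway in-memory database (assumed name).
        try (Connection c = DriverManager.getConnection("jdbc:derby:memory:hashAudit;create=true")) {
            System.out.println("at creation:    " + currentAlgorithm(c));
            setAlgorithm(c, "SHA-512");
            System.out.println("after change:   " + currentAlgorithm(c));
            setAlgorithm(c, null);
            System.out.println("after clearing: " + currentAlgorithm(c));
        }
    }
}
```

The helper only inspects the database-level property; a value supplied as a JVM system property would not show up in this query.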