[
https://issues.apache.org/jira/browse/DERBY-2687?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13208598#comment-13208598
]
Dag H. Wanvik commented on DERBY-2687:
--------------------------------------
Thanks, Knut. That was the piece missing I was missing last night :) Well, that
accounts from the wrong boots we have seen: the check done to allow a boot
attempt only relies on the two byte digest.
The case of the wrong password change allowed ("thursday" vs "Thursday"), that
is more unlikely as far as I can see: in that case, we use
the boot password to decrypt the key, and use that to generate an
initialization vector IV (8 bytes), cf the method in JCECipherFactory:
private byte[] generateIV(byte[] secretKey)
There is a small change of a collision here too: we transform the bogus
secretKey (8 bytes) to an IV, which is compared against the exisiting one
produced with the correct key (decrypted with the correct boothashword at boot
time). Note we only changed one bit in the boot hashword ('T'->'t'): that might
increase the likelihood that we decoded a (albeit wrong) key, but similar, for
which we would get the same IV as for the correct key.
If so, the change of boot password would succeed. Depending on the uniformity
or the computation of the IV hashing, the likelihood of this would vary, but
its not impossible as far as I can see.
> store/encryptDatabase.sql fails intermittently with ClassNotFoundException,
> Log Corrupted
> -----------------------------------------------------------------------------------------
>
> Key: DERBY-2687
> URL: https://issues.apache.org/jira/browse/DERBY-2687
> Project: Derby
> Issue Type: Bug
> Components: Store
> Affects Versions: 10.2.2.1, 10.3.1.4
> Environment: Microsoft Windows XP Professional - 5.1.2600 Service
> Pack 2, Sun JVM 1.4.2_08-b03, 10.2.2.1.
> SUSE Linux Enterprise Server 10 (x86_64) (Linux 2.6.16.21-0.8-smp), Sun JVM
> 1.6.0_01-b06, trunk (SVN 531991).
> Solaris 10 x86, Sun JVM 1.5.0, SVN 371617 (2006-01-23).
> Solaris 9 SPARC, Sun JVM 1.5.0, SVN 169872 (2005-05-13).
> etc...
> Reporter: John H. Embretsen
> Labels: derby_triage10_5_2
> Attachments: derby.log, tmp-82.zip, wombat.zip
>
>
> Failure seen in derbyall/encryptionAll run on WinXP (10.2.2.1). So far unable
> to reproduce (standalone or as part of derbyall, encryptionAll or
> encryptionBlowfish).
> <method>
> store/encryptDatabase.sql
> </method>
> <signature>
> Failure details:
> ********* Diff file
> derbyall/encryptionAll/encryptionBlowfish/encryptDatabase.diff
> *** Start: encryptDatabase jdk1.4.2_08 encryptionAll:encryptionBlowfish
> 2007-05-21 05:07:55 ***
> 95 del
> < ERROR XBM06: Startup failed. An encrypted database cannot be accessed
> without the correct boot password.
> 95a95
> > ERROR XJ001: Java exception: 'ERROR XBM0U: No class was registered for
> > identifier 15009.: java.lang.ClassNotFoundException'.
> Test Failed.
> *** End: encryptDatabase jdk1.4.2_08 encryptionAll:encryptionBlowfish
> 2007-05-21 05:08:12 ***
> </signature>
> derby.log also reports "ERROR XSLA3: Log Corrupted, has invalid data in the
> log stream."
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
