[jira] [Commented] (DERBY-5622) Reduce the chance for hash collisions when checking bootPassword at boot time and when changing password.

Tue, 03 Jul 2012 12:44:36 -0700 

    [ 
https://issues.apache.org/jira/browse/DERBY-5622?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13405983#comment-13405983
 ] 

Rick Hillegas commented on DERBY-5622:
--------------------------------------

Thanks for verifying the patch, Dag. Committed 
derby-5622-01-aa-decryptEncryptedSample.diff at subversion revision 1356749.
                
> Reduce the chance for hash collisions when checking bootPassword at boot time 
> and when changing password.
> ---------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-5622
>                 URL: https://issues.apache.org/jira/browse/DERBY-5622
>             Project: Derby
>          Issue Type: Improvement
>          Components: Store
>            Reporter: Dag H. Wanvik
>         Attachments: derby-5622-01-aa-decryptEncryptedSample.diff, 
> derby-5622-TT-fixWithTestScaffolding.diff, derby-5622-instrumentation.diff, 
> derby-5622-repro.sql, repro.sh
>
>
> There are two issues, already seen in DERBY-2687:
>    "the boot issue": there is a 1/2**16 chance that a wrong bootPassword will 
> allow boot to proceed (but since its decoded key is wrong the boot will fail).
>    "the password change" issue: similarly, there is a chance that the wrong 
> bootPassword will be accepted trying to change it via 
>     SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('bootPassword', ...) at least for 
> algorithms that do not check IV (initialization vector) in addition to the
>     digest, e.g. "DES/ECB/NoPadding"
> The latter case may lead to data corruption, cf. DERBY-2687 discussion. I 
> think the risk is fairly low, though: One would need to have execution 
> permission to change the property if SQL authorization is used, and in most 
> scenarios the supplied existing password would be correct. But since the 
> results can be bad, it would be good to reduce or eliminate the risk.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to