[ https://issues.apache.org/jira/browse/ACCUMULO-1720?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13770533#comment-13770533 ]

Michael Allen commented on ACCUMULO-1720:
-----------------------------------------

I think I have misread the code here; clearly, the code does salt and hash the 
passwords.

ZKAuthenticator.initializeSecurity(...)  ...

             constructUser(principal, ZKSecurityTool.createPass(token));

ZKSecurityTool.createPass(...) ...

    byte[] salt = generateSalt();
    return convertPass(password, salt);

ZKSecurityTool.convertPass(....) ...

    byte[] hashed = hash(plainSalt);

ZKSecurityTool.hash(...) ...

    MessageDigest md = MessageDigest.getInstance(Constants.PW_HASH_ALGORITHM);
    md.update(raw);
    return md.digest();


When I was inspecting this code (with apparently too little sleep), I missed 
the hash() step in convertPass().  However, when I was trying to confirm my 
suspicion, I tried grepping for my usual password for root when I'm developing 
("secret") in the ZooKeeper raw data files and got more than a few hits within 
the binary data.  Not sure what that's about.

Anyway, this bug isn't a bug, thank goodness.

                
> Accumulo saves the root user's password in the clear in Zookeeper
> -----------------------------------------------------------------
>
>                 Key: ACCUMULO-1720
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-1720
>             Project: Accumulo
>          Issue Type: Bug
>          Components: tserver
>    Affects Versions: 1.5.0
>            Reporter: Michael Allen
>
> In reviewing some of the security around users, it came to my attention that 
> Accumulo stores the root user's password within Zookeeper in the clear.  
> Grepping through Zookeeper's data files proves this out (as does inspecting 
> the code).
> This password should be stored heavily salted and hashed, as the other user 
> passwords are.  Is there any reason why it isn't?

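The salt-and-hash scheme traced through the snippets above (createPass -> convertPass -> hash), as an added example in Python rather than Accumulo's own Java; it is not the project's code. The salt length (8 bytes), the digest behind Constants.PW_HASH_ALGORITHM (SHA-256) and the stored layout (salt followed by digest) are assumptions made so the example runs; the page only shows that a random salt is generated, appended to the password, and the result digested. It also carries out the check the comment's grep was attempting: whether the stored record contains the plaintext password bytes at all.

```python
import hashlib
import hmac
import os

# Assumed parameters (not stated on the page): an 8-byte random salt and
# SHA-256 as the digest named by Constants.PW_HASH_ALGORITHM.
SALT_LENGTH = 8
PW_HASH_ALGORITHM = "sha256"
DIGEST_LENGTH = hashlib.new(PW_HASH_ALGORITHM).digest_size


def generate_salt() -> bytes:
    """Fresh random salt per stored password (stand-in for generateSalt())."""
    return os.urandom(SALT_LENGTH)


def hash_bytes(raw: bytes) -> bytes:
    """Mirror of hash(): MessageDigest.getInstance(alg); update(raw); digest()."""
    md = hashlib.new(PW_HASH_ALGORITHM)
    md.update(raw)
    return md.digest()


def convert_pass(password: bytes, salt: bytes) -> bytes:
    """Mirror of convertPass(): digest password || salt, store salt || digest.

    Keeping the salt in front of the digest is what lets a later check
    recover the salt and recompute the digest for comparison (assumed layout).
    """
    if len(salt) != SALT_LENGTH:
        raise ValueError("salt must be %d bytes" % SALT_LENGTH)
    hashed = hash_bytes(password + salt)
    return salt + hashed


def create_pass(password: bytes) -> bytes:
    """Mirror of createPass(): new salt, then convert_pass."""
    return convert_pass(password, generate_salt())


def check_pass(password: bytes, zk_data: bytes) -> bool:
    """Verify a candidate password against a stored salt || digest record.

    Uses a constant-time comparison so the check does not leak how many
    leading bytes matched.
    """
    if zk_data is None or len(zk_data) != SALT_LENGTH + DIGEST_LENGTH:
        return False
    salt = zk_data[:SALT_LENGTH]
    return hmac.compare_digest(convert_pass(password, salt), zk_data)


def contains_plaintext(password: bytes, zk_data: bytes) -> bool:
    """The grep from the comment, applied to a single stored record: is the
    password present verbatim in what would be written to ZooKeeper?"""
    return password in zk_data


if __name__ == "__main__":
    # Constructed sample input: the development root password from the comment.
    password = b"secret"
    stored = create_pass(password)
    print("stored record (hex):", stored.hex())
    print("check correct password:", check_pass(password, stored))
    print("check wrong password:  ", check_pass(b"wrong", stored))
    print("plaintext present:     ", contains_plaintext(password, stored))
```

Two things the run makes visible that the code excerpt alone does not: the same password produces a different record every time because the salt is random, and the record never contains the password bytes, so a grep for the plaintext should not match the salted-hash record itself. One caveat worth keeping in mind with any scheme of this shape: a single digest iteration is fast to compute, so an attacker who obtains the records can test candidate passwords at hardware speed; a deliberately slow construction such as PBKDF2 or bcrypt is the usual hardening, and this example does not add it because the page does not describe it.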
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
