ctubbsii commented on pull request #1787: URL: https://github.com/apache/accumulo/pull/1787#issuecomment-729251958
> @ctubbsii is your request specifically that the PR be changed to allow for upgrades that maintain user credentials?

I didn't necessarily have a request. Just an observation that merging this as-is would break users on upgrade, and that it overlapped with an old JIRA issue.

> e.g. would an approach where the algorithm is configurable but defaults to the current SHA-256 be acceptable? that would allow existing users to continue to work as-is while allowing those with more stringent requirements to make a trade-off decision on starting from a new set of user credentials vs trying to get an exception in a certification process?

That approach would allow new users to use stronger hashing, while not affecting current users. However, if we make it configurable, that would provide a path for eager security-conscious users to break themselves by switching the algorithm.

I think a better approach would be to implement an upgrade path to SHA-512 by detecting the old format when a user authenticates, and the system automatically replacing it with a new ZK node using the crypt(3) format with commons-codec. On startup, we can warn if there are any users in ZK that have passwords hashed with the old format, with instructions to authenticate to upgrade. This would take care of the upgrade issue, ensure stronger security by default, would not allow users to break themselves, and would use a standard serialization that is robust in the face of new algorithms being added in future.

If somebody wants to do this, I know I would appreciate it, and I think it would add great value to the project. @BukrosSzabolcs is welcome to tackle it, if they are interested.
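The upgrade-on-authenticate path proposed in the comment above, as an added example that is not part of the comment, the PR, or Accumulo's code. It assumes a legacy record of 8-byte salt followed by SHA-256(salt || password); the class name, the `store` map standing in for the ZooKeeper nodes, and the helper names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.stream.Collectors;
import org.apache.commons.codec.digest.Crypt;

public class PasswordUpgradeSketch {
  // Assumed legacy layout (not taken from the PR): 8-byte salt || SHA-256(salt || password).
  static final int SALT_LEN = 8, LEGACY_LEN = SALT_LEN + 32;
  // Hypothetical stand-in for the per-user ZooKeeper nodes.
  final Map<String, byte[]> store = new ConcurrentHashMap<>();

  // SHA-512 crypt strings are far longer than 40 bytes, so length identifies the old format.
  static boolean isLegacy(byte[] stored) {
    return stored.length == LEGACY_LEN;
  }

  static byte[] legacyHash(byte[] salt, byte[] password) throws Exception {
    MessageDigest md = MessageDigest.getInstance("SHA-256");
    md.update(salt);
    byte[] digest = md.digest(password);
    byte[] out = Arrays.copyOf(salt, LEGACY_LEN);
    System.arraycopy(digest, 0, out, SALT_LEN, digest.length);
    return out;
  }

  boolean authenticate(String user, byte[] password) throws Exception {
    byte[] stored = store.get(user);
    if (stored == null) return false;
    if (!isLegacy(stored)) {
      // The stored string carries its own "$6$salt$" prefix, which Crypt.crypt reuses.
      String expected = new String(stored, StandardCharsets.UTF_8);
      // clone(): commons-codec may zero the key array it is given.
      byte[] actual = Crypt.crypt(password.clone(), expected).getBytes(StandardCharsets.UTF_8);
      return MessageDigest.isEqual(actual, stored);
    }
    byte[] salt = Arrays.copyOf(stored, SALT_LEN);
    if (!MessageDigest.isEqual(legacyHash(salt, password), stored)) return false;
    // Old hash verified: rewrite the node as SHA-512 crypt ("$6$...") with a fresh random salt.
    store.put(user, Crypt.crypt(password.clone()).getBytes(StandardCharsets.UTF_8));
    return true;
  }

  // For the startup warning: users who still need to authenticate once to be upgraded.
  List<String> usersOnLegacyFormat() {
    return store.entrySet().stream().filter(e -> isLegacy(e.getValue()))
        .map(Map.Entry::getKey).sorted().collect(Collectors.toList());
  }
}
```

The record is rewritten only after the old hash has verified, so a failed login never changes stored state, and accounts that never log in remain on the old format until the startup warning is acted on.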
