[jira] [Updated] (CASSANDRA-13626) Check hashed password matches expected bcrypt hash format before checking
[ https://issues.apache.org/jira/browse/CASSANDRA-13626?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jeff Jirsa updated CASSANDRA-13626:
-----------------------------------
    Resolution: Fixed
        Status: Resolved  (was: Ready to Commit)

Nice. Dtest environment looks pretty messy today, some of the slaves are acting up. I've read through some of the console logs and even on the aborted runs, there's nothing auth related, so I'm proceeding (since it's a fairly trivial patch).

Added those tests and committed as {{5e7f60f6bf5da386076faa08cefb3970a6ba5cc0}}

> Check hashed password matches expected bcrypt hash format before checking
> -------------------------------------------------------------------------
>
>                 Key: CASSANDRA-13626
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-13626
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Auth
>            Reporter: Jeff Jirsa
>            Assignee: Jeff Jirsa
>            Priority: Minor
>             Fix For: 3.0.15, 3.11.1, 4.0
>
>
> We use {{Bcrypt.checkpw}} in the auth subsystem, but do a reasonably poor job
> of guaranteeing that the hashed password we send to it is really a hashed
> password, and {{checkpw}} does an even worse job of failing nicely. We should
> at least sanity check the hash complies with the expected format prior to
> validating.

--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org

[jira] [Updated] (CASSANDRA-13626) Check hashed password matches expected bcrypt hash format before checking
[ https://issues.apache.org/jira/browse/CASSANDRA-13626?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jeff Jirsa updated CASSANDRA-13626:
-----------------------------------
    Status: Ready to Commit  (was: Patch Available)

> Check hashed password matches expected bcrypt hash format before checking
> -------------------------------------------------------------------------
>
>                 Key: CASSANDRA-13626
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-13626
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Auth
>            Reporter: Jeff Jirsa
>            Assignee: Jeff Jirsa
>            Priority: Minor
>             Fix For: 3.0.15, 3.11.1, 4.0
>
>
> We use {{Bcrypt.checkpw}} in the auth subsystem, but do a reasonably poor job
> of guaranteeing that the hashed password we send to it is really a hashed
> password, and {{checkpw}} does an even worse job of failing nicely. We should
> at least sanity check the hash complies with the expected format prior to
> validating.

[jira] [Updated] (CASSANDRA-13626) Check hashed password matches expected bcrypt hash format before checking
[ https://issues.apache.org/jira/browse/CASSANDRA-13626?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jeff Jirsa updated CASSANDRA-13626:
-----------------------------------
    Fix Version/s:     (was: 3.11.x)
                       (was: 4.x)
                       (was: 3.0.x)
                   4.0
                   3.11.1
                   3.0.15

> Check hashed password matches expected bcrypt hash format before checking
> -------------------------------------------------------------------------
>
>                 Key: CASSANDRA-13626
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-13626
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Auth
>            Reporter: Jeff Jirsa
>            Assignee: Jeff Jirsa
>            Priority: Minor
>             Fix For: 3.0.15, 3.11.1, 4.0
>
>
> We use {{Bcrypt.checkpw}} in the auth subsystem, but do a reasonably poor job
> of guaranteeing that the hashed password we send to it is really a hashed
> password, and {{checkpw}} does an even worse job of failing nicely. We should
> at least sanity check the hash complies with the expected format prior to
> validating.

[jira] [Updated] (CASSANDRA-13626) Check hashed password matches expected bcrypt hash format before checking
[ https://issues.apache.org/jira/browse/CASSANDRA-13626?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sam Tunnicliffe updated CASSANDRA-13626:
----------------------------------------
    Reviewer: Sam Tunnicliffe

> Check hashed password matches expected bcrypt hash format before checking
> -------------------------------------------------------------------------
>
>                 Key: CASSANDRA-13626
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-13626
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Auth
>            Reporter: Jeff Jirsa
>            Assignee: Jeff Jirsa
>            Priority: Minor
>             Fix For: 3.0.x, 3.11.x, 4.x
>
>
> We use {{Bcrypt.checkpw}} in the auth subsystem, but do a reasonably poor job
> of guaranteeing that the hashed password we send to it is really a hashed
> password, and {{checkpw}} does an even worse job of failing nicely. We should
> at least sanity check the hash complies with the expected format prior to
> validating.

[jira] [Updated] (CASSANDRA-13626) Check hashed password matches expected bcrypt hash format before checking
[ https://issues.apache.org/jira/browse/CASSANDRA-13626?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jeff Jirsa updated CASSANDRA-13626:
-----------------------------------
    Status: Patch Available  (was: Open)

|| branch || utest || dtest ||
| [3.0|https://github.com/jeffjirsa/cassandra/tree/cassandra-3.0-13626] | [3.0 circle|https://circleci.com/gh/jeffjirsa/cassandra/tree/cassandra-3.0-13626] | [3.0 dtest|https://builds.apache.org/view/A-D/view/Cassandra/job/Cassandra-devbranch-dtest/233/] |
| [3.11|https://github.com/jeffjirsa/cassandra/tree/cassandra-3.11-13626] | [3.11 circle|https://circleci.com/gh/jeffjirsa/cassandra/tree/cassandra-3.11-13626] | [3.11 dtest|https://builds.apache.org/view/A-D/view/Cassandra/job/Cassandra-devbranch-dtest/234/] |
| [trunk|https://github.com/jeffjirsa/cassandra/tree/cassandra-13626] | [trunk circle|https://circleci.com/gh/jeffjirsa/cassandra/tree/cassandra-13626] | [trunk dtest|https://builds.apache.org/view/A-D/view/Cassandra/job/Cassandra-devbranch-dtest/235/] |

> Check hashed password matches expected bcrypt hash format before checking
> -------------------------------------------------------------------------
>
>                 Key: CASSANDRA-13626
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-13626
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Auth
>            Reporter: Jeff Jirsa
>            Assignee: Jeff Jirsa
>            Priority: Minor
>             Fix For: 3.0.x, 3.11.x, 4.x
>
>
> We use {{Bcrypt.checkpw}} in the auth subsystem, but do a reasonably poor job
> of guaranteeing that the hashed password we send to it is really a hashed
> password, and {{checkpw}} does an even worse job of failing nicely. We should
> at least sanity check the hash complies with the expected format prior to
> validating.
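
One way to implement the sanity check the issue description asks for, as an added example; it is not the committed Cassandra patch and not project code. `BcryptFormatGuard`, `looksLikeBcrypt`, `checkPassword` and the stand-in verifier are hypothetical names (the real call would be `BCrypt.checkpw`), the accepted revision letters are an assumption, and `String.repeat` needs Java 11 or later.

```java
import java.util.function.BiPredicate;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class BcryptFormatGuard {
    // "$2" + optional revision letter + "$" + two-digit cost + "$" + 22-char salt
    // + 31-char digest in the bcrypt base64 alphabet. Which revision letters to
    // accept depends on the bcrypt library in use (assumed here: none, a, b, x, y).
    private static final Pattern BCRYPT =
        Pattern.compile("\\$2[abxy]?\\$(\\d{2})\\$[./A-Za-z0-9]{53}");

    static boolean looksLikeBcrypt(String hash) {
        if (hash == null) return false;
        Matcher m = BCRYPT.matcher(hash);
        if (!m.matches()) return false;
        int cost = Integer.parseInt(m.group(1));
        return cost >= 4 && cost <= 31; // bcrypt's log2 work-factor range
    }

    // Fail closed: a stored value that is not a bcrypt string never reaches the
    // verifier, and a verifier that still throws is treated as a failed login.
    static boolean checkPassword(String password, String stored,
                                 BiPredicate<String, String> verifier) {
        if (password == null || !looksLikeBcrypt(stored)) return false;
        try {
            return verifier.test(password, stored);
        } catch (RuntimeException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Hypothetical stand-in for the real verifier: like a parser that trusts
        // its input, it throws on short strings instead of returning false.
        BiPredicate<String, String> verifier =
            (pw, h) -> h.substring(29).length() == 31 && pw.equals("s3cret");
        // Constructed sample values, not real credentials or hashes.
        String[] stored = {
            "$2a$10$" + "a".repeat(53),  // well-formed
            "",                          // empty column value
            "cassandra",                 // plaintext written where a hash belongs
            "$2a$10$" + "a".repeat(20),  // truncated
            "$2a$99$" + "a".repeat(53),  // cost outside the valid range
        };
        for (String s : stored)
            System.out.printf("%-12.12s format=%-5b login=%b%n",
                s, looksLikeBcrypt(s), checkPassword("s3cret", s, verifier));
    }
}
```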