Mike Adamson created CASSANDRA-11022:
----------------------------------------

             Summary: Use SHA hashing to store password in the credentials cache
                 Key: CASSANDRA-11022
                 URL: https://issues.apache.org/jira/browse/CASSANDRA-11022
             Project: Cassandra
          Issue Type: New Feature
            Reporter: Mike Adamson


In CASSANDRA-7715 a credentials cache has been added to the 
{{PasswordAuthenticator}} to improve performance when multiple authentications 
occur for the same user. 

Unfortunately, the bcrypt hash is being cached, which is one of the major 
performance overheads in password authentication. 

I propose that the cache is changed to use a SHA-<xxx> hash to store the user 
password. As long as the cache is cleared for the user on an unsuccessful 
authentication this won't significantly increase the ability of an attacker to 
use a brute force attack because every other attempt will use bcrypt.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
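
A minimal sketch of the caching scheme proposed in the issue above, added here as an illustration; it is not part of the original message and not Cassandra's code. A fast SHA-256 digest is cached only after a slow-hash success, and the entry is evicted on any mismatch so that a run of guesses always returns to the slow path. Assumptions: the class and method names are hypothetical, JDK PBKDF2 stands in for bcrypt to avoid an external library, and the random salt on the cached digest is an addition the proposal does not mention.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added illustration: hypothetical names, not Cassandra's PasswordAuthenticator.
public class CachedAuthSketch {
    final ConcurrentHashMap<String, byte[]> stored = new ConcurrentHashMap<>(); // stands in for the stored slow hashes
    final ConcurrentHashMap<String, byte[]> cache = new ConcurrentHashMap<>();  // user -> SHA-256(salt || password)
    final byte[] salt = new byte[16]; // one random per-process salt, reused for both hashes only to keep the sketch short
    int slowChecks = 0;               // number of slow-path verifications performed

    CachedAuthSketch() { new SecureRandom().nextBytes(salt); }

    // Stand-in for bcrypt (assumption): PBKDF2 from the JDK.
    byte[] slowHash(String pw) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(pw.toCharArray(), salt, 100_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    byte[] fastHash(String pw) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(salt);
        return md.digest(pw.getBytes(StandardCharsets.UTF_8));
    }

    boolean authenticate(String user, String pw) throws Exception {
        byte[] candidate = fastHash(pw);
        byte[] cached = cache.get(user);
        if (cached != null && MessageDigest.isEqual(cached, candidate)) return true; // cache hit, no slow hash
        cache.remove(user);  // miss or mismatch: evict so the next attempt also takes the slow path
        slowChecks++;
        byte[] expected = stored.get(user);
        if (expected == null || !MessageDigest.isEqual(expected, slowHash(pw))) return false;
        cache.put(user, candidate); // only a slow-path success populates the cache
        return true;
    }

    public static void main(String[] args) throws Exception {
        CachedAuthSketch auth = new CachedAuthSketch();
        auth.stored.put("alice", auth.slowHash("correct horse")); // constructed sample credentials
        String[] attempts = {"correct horse", "correct horse", "guess", "correct horse"};
        for (String pw : attempts)
            System.out.println(auth.authenticate("alice", pw) + " slowChecks=" + auth.slowChecks);
    }
}
```

The cached digest is cheap to brute-force if process memory is disclosed, which is why the sketch salts it and why cache lifetime and heap-dump access matter for this design.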
