  1. Apache Cassandra
  2. CASSANDRA-11022

Use SHA hashing to store password in the credentials cache


Details

    • New Feature
    • Status: Open
    • Normal
    • Resolution: Unresolved
    • 5.x
    • Feature/Authorization
    • None

    Description

      In CASSANDRA-7715 a credentials cache has been added to the PasswordAuthenticator to improve performance when multiple authentications occur for the same user.

      Unfortunately, the bcrypt hash is being cached which is one of the major performance overheads in password authentication.

      I propose that the cache is changed to use a SHA-<xxx> hash to store the user password. As long as the cache is cleared for the user on an unsuccessful authentication this won't significantly increase the ability of an attacker to use a brute force attack because every other attempt will use bcrypt.
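
An added sketch of the scheme proposed above; it is not part of the original ticket and not Cassandra's code. It assumes PBKDF2 as a standard-library stand-in for bcrypt, a per-entry random salt and constant-time comparison for the cached SHA-256 digest, and a hypothetical `CachingAuthenticator` class with constructed sample data.

```python
import hashlib
import hmac
import os

SLOW_ITERATIONS = 50_000  # assumption: PBKDF2 stands in for bcrypt (stdlib only)

def slow_hash(password: str, salt: bytes) -> bytes:
    """Deliberately expensive hash, playing the role bcrypt has in the ticket."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, SLOW_ITERATIONS)

class CachingAuthenticator:
    """Hypothetical authenticator; not Cassandra's PasswordAuthenticator."""

    def __init__(self, stored):
        self.stored = stored   # user -> (salt, slow hash), the persistent record
        self.cache = {}        # user -> (random cache salt, SHA-256 digest)
        self.slow_calls = 0    # how many times the expensive hash ran

    @staticmethod
    def _fast_hash(password: str, cache_salt: bytes) -> bytes:
        return hashlib.sha256(cache_salt + password.encode()).digest()

    def authenticate(self, user: str, password: str) -> bool:
        entry = self.cache.get(user)
        if entry is not None:
            cache_salt, digest = entry
            if hmac.compare_digest(self._fast_hash(password, cache_salt), digest):
                return True
            # Failed against the fast hash: evict, so the next guess for this
            # user has to go through the slow hash again.
            del self.cache[user]
            return False
        record = self.stored.get(user)
        if record is None:
            return False
        salt, expected = record
        self.slow_calls += 1
        if not hmac.compare_digest(slow_hash(password, salt), expected):
            return False
        # Cache only after a successful slow check, under a fresh per-entry salt.
        cache_salt = os.urandom(16)
        self.cache[user] = (cache_salt, self._fast_hash(password, cache_salt))
        return True

def make_demo_authenticator() -> CachingAuthenticator:
    """Constructed sample data: one user, 'alice', with a made-up password."""
    salt = os.urandom(16)
    return CachingAuthenticator({"alice": (salt, slow_hash("s3cret-demo", salt))})
```

In this sketch a cached entry that has gone stale, for example after a password change, rejects the first login with the new password and is then evicted, so a real implementation would also invalidate the entry whenever the stored credentials change.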


          People

            Unassigned
            mike_tr_adamson Mike Adamson
