Uploaded image for project: 'Apache Cassandra'
  1. Apache Cassandra
  2. CASSANDRA-11022

Use SHA hashing to store password in the credentials cache

    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Open
    • Normal
    • Resolution: Unresolved
    • 5.x
    • Feature/Authorization
    • None

    Description

      In CASSANDRA-7715 a credentials cache has been added to the PasswordAuthenticator to improve performance when multiple authentications occur for the same user.

      Unfortunately, the bcrypt hash is being cached which is one of the major performance overheads in password authentication.

      I propose that the cache is changed to use a SHA-<xxx> hash to store the user password. As long as the cache is cleared for the user on an unsuccessful authentication this won't significantly increase the ability of an attacker to use a brute force attack because every other attempt will use bcrypt.

      Attachments

        Issue Links

          is related to

          New Feature - A new feature of the product, which has yet to be developed. CASSANDRA-7715 Add a credentials cache to the PasswordAuthenticator

          • Low -
          • Resolved

          Activity

            People

              Unassigned Unassigned
              mike_tr_adamson Mike Adamson
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated: