Uploaded image for project: 'Cassandra'
  1. Cassandra
  2. CASSANDRA-8085

Make PasswordAuthenticator number of hashing rounds configurable

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Normal
    • Resolution: Fixed
    • 2.0.15, 2.1.5
    • Local/Config
    • None

    Description

      Running 2^10 rounds of bcrypt can take a while. In environments (like PHP) where connections are not typically long-lived, authenticating can add substantial overhead. On IRC, one user saw the time to connect, authenticate, and execute a query jump from 5ms to 150ms with authentication enabled (debug logs).

      CASSANDRA-7715 is a more complete fix for this, but in the meantime (and even after 7715), this is a good option.

      Attachments

        1. 8085-3.0.txt
          2 kB
          Sam Tunnicliffe
        2. 8085-2.1.txt
          2 kB
          Sam Tunnicliffe
        3. 8085-2.0.txt
          2 kB
          Tom Hobbs

        Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. CASSANDRA-14678 Propose reducing the default value for PasswordAuthenticator number of hashing rounds

          • Normal -
          • Resolved

          Activity

            People

              samt Sam Tunnicliffe
              thobbs Tom Hobbs
              Sam Tunnicliffe
              Robert Stupp
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: