Posted to derby-dev@db.apache.org by "Knut Anders Hatlen (Created) (JIRA)" <ji...@apache.org> on 2011/12/21 12:01:31 UTC

[jira] [Created] (DERBY-5550) Document derby.authentication.builtin.saltLength and derby.authentication.builtin.iterations

Document derby.authentication.builtin.saltLength and derby.authentication.builtin.iterations
--------------------------------------------------------------------------------------------

                 Key: DERBY-5550
                 URL: https://issues.apache.org/jira/browse/DERBY-5550
             Project: Derby
          Issue Type: Improvement
          Components: Documentation
    Affects Versions: 10.9.0.0
            Reporter: Knut Anders Hatlen


DERBY-5539 introduced two new properties that control how BUILTIN stores credentials:

- derby.authentication.builtin.saltLength (default: 16)

This property specifies the number of bytes of random salt that will be added to the credentials before hashing them. (Purpose of the property: Make it infeasible to construct rainbow tables.)

- derby.authentication.builtin.iterations (default: 1000, minimum: 1)

This property specifies the number of times to apply the hash function (which is specified by derby.authentication.builtin.algorithm) on the credentials. (Purpose of the property: Slow down attackers as they'll need to spend more time calculating hashes.)

Both the properties have effect only if BUILTIN authentication is enabled and derby.authentication.builtin.algorithm has a non-null value.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
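
What the two properties in the issue description control, as an added example: this is not Derby's code. The record layout (hash:salt:iterations:algorithm), the way the salt is mixed into each round, and all function names are assumptions made for the sketch; only the defaults (16 and 1000) and the minimum of 1 come from the issue text.

```python
import hashlib
import hmac
import os

# Defaults quoted in the issue text; every name in this sketch is illustrative.
DEFAULTS = {"saltLength": 16, "iterations": 1000}


def iterated_hash(password, salt, iterations, algorithm):
    """Apply `algorithm` `iterations` times, mixing the salt into every round.
    Assumed construction for this sketch, not taken from Derby."""
    if iterations < 1:
        raise ValueError("iterations has a minimum of 1")
    digest = password.encode("utf-8")
    for _ in range(iterations):
        digest = hashlib.new(algorithm, salt + digest).digest()
    return digest


def store_credentials(password, salt_length=DEFAULTS["saltLength"],
                      iterations=DEFAULTS["iterations"], algorithm="sha256"):
    """Return 'hash:salt:iterations:algorithm' (assumed layout).
    The parameters travel with the hash, so a later change of the
    settings does not invalidate records written under the old ones."""
    salt = os.urandom(salt_length)
    digest = iterated_hash(password, salt, iterations, algorithm)
    return ":".join([digest.hex(), salt.hex(), str(iterations), algorithm])


def verify(password, record):
    """Recompute the hash with the record's own parameters and compare.
    Nothing is decrypted: the stored value is a one-way hash."""
    digest_hex, salt_hex, iterations, algorithm = record.split(":")
    candidate = iterated_hash(password, bytes.fromhex(salt_hex),
                              int(iterations), algorithm)
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def hash_field(record):
    """The hash portion of a stored record."""
    return record.split(":")[0]


def weaker_than_defaults(record):
    """Audit check: which parameters of this record are below the defaults?"""
    _, salt_hex, iterations, _ = record.split(":")
    findings = []
    if len(salt_hex) // 2 < DEFAULTS["saltLength"]:
        findings.append("saltLength")
    if int(iterations) < DEFAULTS["iterations"]:
        findings.append("iterations")
    return findings


if __name__ == "__main__":
    # Constructed sample password; two users who happen to choose the same one.
    a = store_credentials("s3cret")
    b = store_credentials("s3cret")
    print("defaults, same password, same hash?", hash_field(a) == hash_field(b))

    # With no salt and one iteration the stored value is a plain digest,
    # identical for every user with that password.
    c = store_credentials("s3cret", salt_length=0, iterations=1)
    d = store_credentials("s3cret", salt_length=0, iterations=1)
    print("no salt, same password, same hash? ", hash_field(c) == hash_field(d))
    print("audit of weak record:", weaker_than_defaults(c))
    print("weak record still verifies:", verify("s3cret", c))
```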

        

[jira] [Resolved] (DERBY-5550) Document derby.authentication.builtin.saltLength and derby.authentication.builtin.iterations

Posted by "Kim Haase (Resolved) (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/DERBY-5550?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kim Haase resolved DERBY-5550.
------------------------------

          Resolution: Fixed
       Fix Version/s: 10.9.0.0
    Issue & fix info:   (was: Patch Available)

Thanks again, Knut! 

Once again, no commit email, but I committed patch DERBY-5550-2.diff to documentation trunk at revision 1305875. 

                

        

[jira] [Commented] (DERBY-5550) Document derby.authentication.builtin.saltLength and derby.authentication.builtin.iterations

Posted by "Kim Haase (Commented) (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/DERBY-5550?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13238403#comment-13238403 ] 

Kim Haase commented on DERBY-5550:
----------------------------------

Hi, Knut,

Can you tell me whether these properties are dynamic or static?

Thanks,
Kim
                

        

[jira] [Commented] (DERBY-5550) Document derby.authentication.builtin.saltLength and derby.authentication.builtin.iterations

Posted by "Knut Anders Hatlen (Commented) (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/DERBY-5550?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13239504#comment-13239504 ] 

Knut Anders Hatlen commented on DERBY-5550:
-------------------------------------------

Thanks. +1 to commit.
                

        

[jira] [Assigned] (DERBY-5550) Document derby.authentication.builtin.saltLength and derby.authentication.builtin.iterations

Posted by "Kim Haase (Assigned) (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/DERBY-5550?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kim Haase reassigned DERBY-5550:
--------------------------------

    Assignee: Kim Haase
    

        

[jira] [Commented] (DERBY-5550) Document derby.authentication.builtin.saltLength and derby.authentication.builtin.iterations

Posted by "Knut Anders Hatlen (Commented) (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/DERBY-5550?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13239420#comment-13239420 ] 

Knut Anders Hatlen commented on DERBY-5550:
-------------------------------------------

Thanks, Kim. The changes look good and complete to me. Two tiny comments:

- Maybe we should just say "difficult" instead of "extremely difficult" in the description of the saltLength property?

- In the NATIVE authentication topic, we now say: "Two related properties are derby.authentication.builtin.saltLength and derby.authentication.builtin.iterations, which make the encrypted passwords harder for attackers to decipher."

The properties don't necessarily make it harder for attackers, for example if they are set to values lower than their defaults. So maybe change the last clause to "which may be used to ..."?

Another small issue with that sentence is that it says the passwords are encrypted in the database (that's also said some other places in the NATIVE authentication topic). The passwords are hashed, not encrypted, so we might want to change "encrypted passwords" -> "hashed passwords" and maybe also "decipher" -> "crack".
                

        

[jira] [Updated] (DERBY-5550) Document derby.authentication.builtin.saltLength and derby.authentication.builtin.iterations

Posted by "Kim Haase (Updated) (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/DERBY-5550?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kim Haase updated DERBY-5550:
-----------------------------

    Attachment: DERBY-5550-2.zip
                DERBY-5550-2.diff

Thanks very much for the comments, Knut. I've incorporated them into DERBY-5550-2.diff and DERBY-5550-2.zip, I hope. (Verbatim except for changing "may" to "can", I think.)
                

        

[jira] [Closed] (DERBY-5550) Document derby.authentication.builtin.saltLength and derby.authentication.builtin.iterations

Posted by "Kim Haase (Closed) (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/DERBY-5550?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kim Haase closed DERBY-5550.
----------------------------


Changes have appeared in Latest Alpha Manuals.
                

        

[jira] [Commented] (DERBY-5550) Document derby.authentication.builtin.saltLength and derby.authentication.builtin.iterations

Posted by "Knut Anders Hatlen (Commented) (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/DERBY-5550?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13238466#comment-13238466 ] 

Knut Anders Hatlen commented on DERBY-5550:
-------------------------------------------

Hi Kim,

These properties are dynamic.
                

        

[jira] [Updated] (DERBY-5550) Document derby.authentication.builtin.saltLength and derby.authentication.builtin.iterations

Posted by "Kim Haase (Updated) (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/DERBY-5550?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kim Haase updated DERBY-5550:
-----------------------------

    Attachment: DERBY-5550.zip
                DERBY-5550.stat
                DERBY-5550.diff

Thanks very much, Knut, for the quick reply! 

I'm attaching DERBY-5550.diff, DERBY-5550.stat, and DERBY-5550.zip, with changes as follows:

M       src/ref/crefproper22250.dita
A       src/ref/rrefproperiterations.dita
A       src/ref/rrefpropersaltlength.dita
M       src/ref/refderby.ditamap
M       src/devguide/rdevcsecure557.dita
M       src/devguide/cdevcsecurenativeauth.dita

In addition to adding topics for the two new properties, I added them to the table of properties in the Reference Manual and, in the Developer's Guide, added mentions of them to the NATIVE authentication topic and the list of authentication-related properties.

Please let me know of any changes that are needed. There might also be other topics that should mention these properties. Thanks again!
                

        

[jira] [Updated] (DERBY-5550) Document derby.authentication.builtin.saltLength and derby.authentication.builtin.iterations

Posted by "Kim Haase (Updated) (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/DERBY-5550?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kim Haase updated DERBY-5550:
-----------------------------

    Issue & fix info: Patch Available
    