BCrypt


  • BCrypt

    Hello,

    I looked at the BCrypt implementation (https://github.com/jeremyh/jBCrypt) and cannot understand the way VoltDB uses it.
    With voltdb mask, VoltDB stores the password hashes as SHA1(password)+SHA2(password). When the client (for example the Java client) connects to the server, the client sends the password as a SHA2 hash to the server. The SetUsersInfo function, where the bcrypt password is generated (Bcrypt.hashpw), is executed when the database is started. So the bcrypt passwords are only in memory. When the user authenticates, the hashpw function is executed. Why doesn't VoltDB use the hashpw function to store the passwords?

    Thanks.

    Best regards,
    Sabrina

  • #2
    VoltDB supports SHA1 and SHA2 schemes for passwords, and thus mask saves both values in the deployment file. The server does not accept the password in cleartext; instead it accepts SHAs. BCrypt is not used for storing hex-encoded SHAs, and we only compare those SHAs.

    Anish
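
Added example (not part of the thread and not VoltDB's code): a sketch of the flow described in posts #1 and #2, where the client sends a hex SHA-256 of the password and the server keeps a slow-hashed verifier only in memory. It uses only the JDK, with PBKDF2 standing in for jBCrypt's BCrypt.hashpw; the class name, UTF-8 encoding, salt size and iteration count are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class ShaThenSlowHashDemo { // hypothetical class name
    // Hex SHA-256 of the password: per the thread, this is the form the client
    // sends and the deployment file stores (next to a SHA-1 value, omitted here).
    static String sha256Hex(String password) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256")
                .digest(password.getBytes(StandardCharsets.UTF_8)); // encoding assumed
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // Stand-in for BCrypt.hashpw: salted, iterated hash of the hex SHA string.
    // PBKDF2 is used only because it ships with the JDK; parameters are assumed.
    static byte[] slowHash(String shaHex, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(shaHex.toCharArray(), salt, 100_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: the value that would sit in the deployment file.
        String storedSha = sha256Hex("securePWD");

        // Server start: derive the verifier that lives only in memory.
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        byte[] inMemory = slowHash(storedSha, salt);

        // Login: the client presents a SHA-256 hex string, never the cleartext.
        String wire = sha256Hex("securePWD");
        boolean ok = MessageDigest.isEqual(slowHash(wire, salt), inMemory);
        boolean bad = MessageDigest.isEqual(slowHash(sha256Hex("wrong"), salt), inMemory);

        System.out.println("correct password accepted: " + ok);
        System.out.println("wrong password accepted:   " + bad);
        System.out.println("wire value equals stored value: " + wire.equals(storedSha));
    }
}
```

As the thread describes the scheme, the string in the deployment file is the same one the client presents at login, so that file needs the same protection as the password itself.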



    • #3
      Hi Anish,

      Thanks for your answer. I used the authentication in my Java application two times:

          properties.put("user", "sys-admin");
          properties.put("password", "securePWD");
          dbConnection = DriverManager.getConnection(DATABASE_URL, properties);
          ... // do something
          dbConnection.close();

      In the second authentication process no username and password are sent to the VoltDB server. Why does the authentication only happen one time?

      Best regards,
      Sabrina



      • #4
        Sabrina,
        Could you please provide the original code? As you've stated, if the connection is closed, which is what you appear to have done, it should reauthenticate when opening a new connection.
        Peter Zhao
        Last edited by pzhao; 02-16-2016, 05:09 PM.



        • #5
          Hello Peter,

          The source code is simply this:

              public ConnectTime()
                      throws SQLException
              {
                  long connection_time, startTime;
                  float elapsedTimeSec;

                  Properties properties = new Properties();
                  properties.put("user", "sys-admin");
                  properties.put("password", "securePWD");
                  System.out.printf("securePWD");

                  startTime = System.currentTimeMillis();

                  dbConnection = DriverManager.getConnection(DATABASE_URL, properties);

                  connection_time = System.currentTimeMillis() - startTime;
                  elapsedTimeSec = connection_time / 1000F;
                  System.out.printf("Time: %.4f\n", elapsedTimeSec);
              }

              /** Closes the connection to the server. */
              public void close() throws SQLException {
                  dbConnection.close();
              }

              public static void main(String[] args) throws Exception {
                  Class.forName(DRIVER_CLASS);
                  for (int i = 0; i < 5; i++)
                  {
                      ConnectTime helloDB = new ConnectTime();
                      helloDB.close();
                      Thread.sleep(2000);
                  }
              }

          In the Wireshark trace I only see one authentication to each server in the connection pool. But the script runs five times.

          Thanks.



          • #6
            Hi Peter,

            I can also send the Wireshark trace to you.

            Best regards,
            Sabrina
