Although it's crude, WebSphere, for example, provides a simple, internal hashing algorithm to encrypt the clear text passwords. It's quite easy to decrypt the passwords ... however, it's an extra step that takes a bit more time ... as opposed to saying, "hi, here are my cleartext passwords. have fun"

Even something crude like base64 encode/decode on the cleartext string would be better than clear text. When Cassandra is loading the cassandra.yaml and it gets to encryption_options, it can perform a base64 decode against the encoded string.

-sasha

On Wed, Apr 27, 2011 at 5:09 AM, David Strauss <da...@davidstrauss.net> wrote:
> On Tue, 2011-04-26 at 08:57 +0200, Sasha Dolgy wrote:
>> Is it possible to store an encrypted keystore_password and
>> truststore_password in the cassandra.yaml? I see that the defaults
>> allow cleartext which isn't suitable when negotiating with security
>> specialists for sign-off of a solution...
>
> If the passwords are encrypted, when and how would they be decrypted?
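
The load-time decode proposed in this message, sketched as an added example (not code from the thread or from Cassandra). The YAML fragment, its sample passwords and the function names are constructed for illustration. Base64 is an encoding with no key, so anyone who can read the file can run the same decode.

```python
import base64

# Constructed sample: a cassandra.yaml fragment whose two password fields hold
# base64-encoded sample values instead of clear text.
SAMPLE_YAML = """\
encryption_options:
    internode_encryption: all
    keystore_password: Y2Fzc2FuZHJh
    truststore_password: "ZXhhbXBsZQ=="
rpc_port: 9160
"""

# Hypothetical list of fields the loader treats as encoded.
ENCODED_FIELDS = {"keystore_password", "truststore_password"}


def decode_field(name, value):
    """Base64-decode one field; reject values that are not valid base64 text."""
    try:
        return base64.b64decode(value, validate=True).decode("utf-8")
    except ValueError as exc:  # covers binascii.Error and UnicodeDecodeError
        raise ValueError(f"{name}: not a base64-encoded string") from exc


def load_encryption_options(text):
    """Return the encryption_options mapping with encoded fields decoded.

    Minimal line parser for this flat block only, not a general YAML loader.
    """
    options, in_block = {}, False
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if not line[0].isspace():
            # A top-level key starts or ends the block we care about.
            in_block = stripped == "encryption_options:"
            continue
        if in_block and ":" in stripped:
            key, _, value = stripped.partition(":")
            key, value = key.strip(), value.strip().strip("\"'")
            if key in ENCODED_FIELDS:
                value = decode_field(key, value)
            options[key] = value
    return options


if __name__ == "__main__":
    print(load_encryption_options(SAMPLE_YAML))
```

A password left in clear text, such as `cassandra`, fails the strict decode and is reported instead of being passed through silently.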