<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 04/07/2017 08:19 PM, Andrew Shadura
wrote:<br>
</div>
<blockquote cite="mid:1f5519aa30fbdd0f1d1f.1491588543@nuevo"
type="cite">
<pre wrap="">Hi,
I was thinking about unifying the hashing algorithms we use on different
systems, and here's one of the ways of attacking the problem.</pre>
</blockquote>
<br>
Agreed - the current situation is a mess.<br>
<br>
<blockquote cite="mid:1f5519aa30fbdd0f1d1f.1491588543@nuevo"
type="cite">
<pre wrap="">I don't know anything about the status of bcrypt on Windows. Dominik, could
you please verify what is it? Does bcrypt work at all on Windows? Does it
work effeciently enough? Are there any issues?</pre>
</blockquote>
<br>
I agree we could assume that bcrypt also is available on Windows. <br>
<br>
Also, for Python 2.7.8 or later, we could perhaps change to use <code
class="descclassname">hashlib.</code><code class="descname">pbkdf2_hmac</code><span
class="sig-paren"> . But then we should do it for all Python
versions (as found in LTS Linux distros) and we would have to fall
back to some other pypi package there. But I think it would be
safe to assume that all Windows setups always can use a "new"
Python.</span><br>
<br>
<blockquote cite="mid:1f5519aa30fbdd0f1d1f.1491588543@nuevo"
type="cite">
<pre wrap="">This approach has a downside: users will continue to use SHA256 until they
change their password, so if the database leaks, attackers may check
(unsalted) hashes against known popular password hashes.</pre>
</blockquote>
<br>
I guess we automatically could migrate the crypted password to the
new algorithm every time we see a password using the old algorithm.
We can thus "soon" deprecate sha256 completely.<br>
<br>
<blockquote cite="mid:1f5519aa30fbdd0f1d1f.1491588543@nuevo"
type="cite">
<pre wrap="">When checking passwords, detect the hashing algorithms used to store the
password hach and check appropriately:
- bcrypt hash must start with $2a$ or $2b$
- SHA256 hashes are 64 characters long</pre>
</blockquote>
<br>
Perhaps instead, just check the password with the new algorithm
first, then fall back to checking with the old algorithm. That would
avoid the hardcoding of knowledge about bcrypt.<br>
<br>
<br>
/Mads
</body>
</html>