[RFC PATCH] auth: detect password hashing algorithm when storing and checking passwords
Mads Kiilerich
mads at kiilerich.com
Mon Apr 10 00:00:31 UTC 2017
On 04/07/2017 08:19 PM, Andrew Shadura wrote:
> Hi,
>
> I was thinking about unifying the hashing algorithms we use on different
> systems, and here's one of the ways of attacking the problem.
Agreed - the current situation is a mess.
> I don't know anything about the status of bcrypt on Windows. Dominik, could
> you please verify what is it? Does bcrypt work at all on Windows? Does it
> work effeciently enough? Are there any issues?
I agree we could assume that bcrypt also is available on Windows.
Also, for Python 2.7.8 or later, we could perhaps change to use
|hashlib.||pbkdf2_hmac|. But then we should do it for all Python
versions (as found in LTS Linux distros) and we would have to fall back
to some other pypi package there. But I think it would be safe to assume
that all Windows setups always can use a "new" Python.
> This approach has a downside: users will continue to use SHA256 until they
> change their password, so if the database leaks, attackers may check
> (unsalted) hashes against known popular password hashes.
I guess we automatically could migrate the crypted password to the new
algorithm every time we see a password using the old algorithm. We can
thus "soon" deprecate sha256 completely.
> When checking passwords, detect the hashing algorithms used to store the
> password hach and check appropriately:
>
> - bcrypt hash must start with $2a$ or $2b$
> - SHA256 hashes are 64 characters long
Perhaps instead, just check the password with the new algorithm first,
then fall back to checking with the old algorithm. That would avoid the
hardcoding of knowledge about bcrypt.
/Mads
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sfconservancy.org/pipermail/kallithea-general/attachments/20170410/8950e01a/attachment.html>
More information about the kallithea-general
mailing list