[RFC PATCH] auth: detect password hashing algorithm when storing and checking passwords

Andrew Shadura andrew at shadura.me
Mon Apr 10 06:12:24 UTC 2017


On 10/04/17 02:00, Mads Kiilerich wrote:

>> I don't know anything about the status of bcrypt on Windows. Dominik,
>> could
>> you please verify what is it? Does bcrypt work at all on Windows? Does it
>> work effeciently enough? Are there any issues?
> 
> I agree we could assume that bcrypt also is available on Windows.
> 
> Also, for Python 2.7.8 or later, we could perhaps change to use
> hashlib.pbkdf2_hmac. But then we should do it for all Python
> versions (as found in LTS Linux distros) and we would have to fall back
> to some other pypi package there. But I think it would be safe to assume
> that all Windows setups always can use a "new" Python.

Yes, pbkdf2 sounds good. I was thinking about that too, but I thought
choosing a specific hash needs more research.

>> This approach has a downside: users will continue to use SHA256 until
>> they
>> change their password, so if the database leaks, attackers may check
>> (unsalted) hashes against known popular password hashes.
> 
> I guess we automatically could migrate the crypted password to the new
> algorithm every time we see a password using the old algorithm. We can
> thus "soon" deprecate sha256 completely.

I'm not sure what you mean. Do you mean migrating the passwords as they
are changed (something similar to what I proposed)? Because as we store
only hashes, we don't have a way to re-hash passwords using a different
algorithm.

>> When checking passwords, detect the hashing algorithms used to store the
>> password hach and check appropriately:
>>
>>   - bcrypt hash must start with $2a$ or $2b$
>>   - SHA256 hashes are 64 characters long
> 
> Perhaps instead, just check the password with the new algorithm first,
> then fall back to checking with the old algorithm. That would avoid the
> hardcoding of knowledge about bcrypt.

Well, indeed, as different hashes look differently, we don't risk really
the hash to match when it shouldn't. And even though checking the hash
takes slightly more time it's not something we can't afford.

-- 
Cheers,
  Andrew


More information about the kallithea-general mailing list