[RFC PATCH] auth: detect password hashing algorithm when storing and checking passwords

Mads Kiilerich mads at kiilerich.com
Mon Apr 10 08:16:29 UTC 2017


On 04/10/2017 08:12 AM, Andrew Shadura wrote:
> Yes, pbkdf2 sounds good. I was thinking about that too, but I thought
> choosing a specific hash needs more research.

I agree. The theory could be that someone did that research and decided 
on pbkdf2 and got it mainlined. That makes it a better choice than the 
bcrypt module.

>>> This approach has a downside: users will continue to use SHA256 until
>>> they change their password, so if the database leaks, attackers may check
>>> (unsalted) hashes against known popular password hashes.
>> I guess we automatically could migrate the crypted password to the new
>> algorithm every time we see a password using the old algorithm. We can
>> thus "soon" deprecate sha256 completely.
> I'm not sure what you mean. Do you mean migrating the passwords as they
> are changed (something similar to what I proposed)? Because as we store
> only hashes, we don't have a way to re-hash passwords using a different
> algorithm.

I mean migrating passwords as they are checked. At that point, we 
temporarily do have the cleartext password and can re-hash.

> Well, indeed, as different hashes look different, we don't really risk
> the hash matching when it shouldn't. And even though checking the hash
> takes slightly more time, it's not something we can't afford.

Yeah, especially as we move everybody to one new algorithm. The fastest 
path will be the common one.

/Mads
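
The check-time migration discussed in this message, as an added example (not part of the original message and not Kallithea's code). The `pbkdf2_sha256$...` storage format, the iteration count and all function names are assumptions; the legacy format is taken to be an unsalted SHA256 hex digest, as the thread describes.

```python
import hashlib
import hmac
import os

PBKDF2_PREFIX = "pbkdf2_sha256"   # assumed storage tag, not Kallithea's format
PBKDF2_ITERATIONS = 200_000       # assumed current work factor


def legacy_sha256(password):
    """Legacy scheme from the thread: unsalted SHA256 hex digest."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_pbkdf2(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>'."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([PBKDF2_PREFIX, str(iterations), salt.hex(), digest.hex()])


def detect_algorithm(stored):
    """Detect the algorithm from the shape of the stored value."""
    if stored.startswith(PBKDF2_PREFIX + "$"):
        return "pbkdf2"
    if len(stored) == 64 and all(c in "0123456789abcdef" for c in stored):
        return "sha256"
    return None


def check_password(password, stored):
    """Return (ok, new_hash); new_hash is set when the caller should store an upgrade."""
    algo = detect_algorithm(stored)
    if algo == "sha256":
        if hmac.compare_digest(legacy_sha256(password), stored):
            return True, hash_pbkdf2(password)   # cleartext is available now: re-hash
        return False, None
    if algo == "pbkdf2":
        try:
            _, iterations, salt_hex, _ = stored.split("$")
            expected = hash_pbkdf2(password, bytes.fromhex(salt_hex), int(iterations))
        except ValueError:
            return False, None                   # malformed record: fail closed
        ok = hmac.compare_digest(expected, stored)
        # Same mechanism upgrades records hashed with an older, lower work factor.
        stale = ok and int(iterations) < PBKDF2_ITERATIONS
        return ok, hash_pbkdf2(password) if stale else None
    return False, None                           # unknown format: reject
```

The caller writes `new_hash` back to the user record only after `ok` is true; accounts that never log in keep the old hash and need a separate expiry or forced-reset policy.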


