On Wednesday, February 13, 2013 at 2:42 PM, Antoine Pitrou wrote:

> Donald Stufft <donald.stufft <at> gmail.com> writes:
> >
> > There's no way to determine if users have changed their password. The passlib
> > branch will be deployed with automatic migration upon logging in turned off.
>
> So why is the automatic migration turned off? Why not migrate everything
> at once as originally proposed?
> What's the point of deliberately keeping weak hashes in the database?
>
> Regards
>
> Antoine.

I think there's some confusion as to migration.
CURRENTLY: unsalted sha1
DESIRED: standard bcrypt
MIDTERM: bcrypted sha1s

The midterm "at once" is still possible, it just bcrypts the existing sha1 passwords. This is better than unsalted sha1s but it's *worse* than just plain bcrypt. When users log in passlib can upgrade them to just bcrypt (this can only happen when the users log in because we need access to the plaintext password to do it). When I talk about the automatic migration upon logging in being turned off it's this "when I log in upgrade me from sha1 or bcrypt+sha1 to just bcrypt".

The reasoning for having the automated migration turned off is so we can determine who has manually changed their password (or is a newly registered user) by seeing if their password is hashed with bcrypt instead of either bcrypt+sha1 or just sha1.

Now with only a week's timeline I don't think it's particularly important to migrate the database from sha1 to bcrypt+sha1 because that code is not well tested (I tried to test it manually but there may be edge cases and such), however both sha1 and bcrypt by themselves are well tested. So yes, for that week if the DB gets stolen we will be vulnerable to those passwords being bruteforced, but with an upcoming forced reset that risk is pretty minimal and the risk of my custom bcrypt+sha1 code breaking in an edge case is higher.
_______________________________________________
Catalog-SIG mailing list
[email protected]
http://mail.python.org/mailman/listinfo/catalog-sig
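The three schemes and the upgrade-on-login logic discussed in the message above, as an added example that is not part of the original thread, of PyPI or of passlib. It uses the stdlib's PBKDF2-HMAC-SHA256 as a stand-in for bcrypt (bcrypt is not in the stdlib), and the `$slow$` / `$slow-sha1$` prefixes are made-up identifiers used only to tell the stored formats apart.

```python
import hashlib
import hmac
import os

# Stand-in for bcrypt: a salted, deliberately slow KDF from the stdlib.
PBKDF2_ROUNDS = 100_000


def legacy_sha1(password: str) -> str:
    """CURRENT scheme: unsalted sha1 hex digest of the plaintext."""
    return hashlib.sha1(password.encode()).hexdigest()


def _slow_hash(material: bytes, salt: bytes) -> str:
    return hashlib.pbkdf2_hmac("sha256", material, salt, PBKDF2_ROUNDS).hex()


def hash_password(password: str) -> str:
    """DESIRED scheme: slow salted hash of the plaintext (needs the plaintext)."""
    salt = os.urandom(16)
    return f"$slow${salt.hex()}${_slow_hash(password.encode(), salt)}"


def wrap_legacy(sha1_hex: str) -> str:
    """MIDTERM scheme: wrap an existing sha1 digest; works without the plaintext."""
    salt = os.urandom(16)
    return f"$slow-sha1${salt.hex()}${_slow_hash(sha1_hex.encode(), salt)}"


def scheme(stored: str) -> str:
    """Identify the stored format from its (made-up) prefix; bare hex means sha1."""
    if stored.startswith("$slow-sha1$"):
        return "slow-sha1"
    return "slow" if stored.startswith("$slow$") else "sha1"


def verify(password: str, stored: str) -> bool:
    kind = scheme(stored)
    if kind == "sha1":
        return hmac.compare_digest(legacy_sha1(password), stored)
    _, _, salt_hex, digest = stored.split("$")
    material = legacy_sha1(password).encode() if kind == "slow-sha1" else password.encode()
    return hmac.compare_digest(_slow_hash(material, bytes.fromhex(salt_hex)), digest)


def login(password: str, stored: str, migrate_on_login: bool):
    """Return (ok, stored hash after login). Upgrade to the plain scheme only on a
    successful login, since that is the only time the plaintext is available."""
    if not verify(password, stored):
        return False, stored
    if migrate_on_login and scheme(stored) != "slow":
        return True, hash_password(password)
    return True, stored


def changed_password(stored: str) -> bool:
    """With migration off, only users who set a new password carry the plain scheme."""
    return scheme(stored) == "slow"
```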
