On 04/07/2017 08:19 PM, Andrew Shadura wrote:
> Hi,
> I was thinking about unifying the hashing algorithms we use on different
> systems, and here's one of the ways of attacking the problem.

Agreed - the current situation is a mess.

> I don't know anything about the status of bcrypt on Windows. Dominik, could
> you please verify what it is? Does bcrypt work at all on Windows? Does it
> work efficiently enough? Are there any issues?

I agree we could assume that bcrypt also is available on Windows.
Also, for Python 2.7.8 or later, we could perhaps change to use
hashlib.pbkdf2_hmac. But then we should do it for all Python
versions (as found in LTS Linux distros) and we would have to fall back
to some other pypi package there. But I think it would be safe to assume
that all Windows setups always can use a "new" Python.

> This approach has a downside: users will continue to use SHA256 until they
> change their password, so if the database leaks, attackers may check
> (unsalted) hashes against known popular password hashes.

I guess we automatically could migrate the crypted password to the new
algorithm every time we see a password using the old algorithm. We can
thus "soon" deprecate sha256 completely.

> When checking passwords, detect the hashing algorithms used to store the
> password hash and check appropriately:
> - bcrypt hash must start with $2a$ or $2b$
> - SHA256 hashes are 64 characters long

Perhaps instead, just check the password with the new algorithm first,
then fall back to checking with the old algorithm. That would avoid the
hardcoding of knowledge about bcrypt.
/Mads
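
The migration scheme discussed in this thread (check the new algorithm first, fall back to the unsalted SHA256 check, re-hash when a legacy hash matches), as an added example that is not from the thread or from Kallithea's code. It uses hashlib.pbkdf2_hmac in place of bcrypt so it runs on the standard library alone; the `pbkdf2_sha256$...` storage format, the iteration count and all function names are assumptions.

```python
import hashlib
import hmac
import os

PREFIX = "pbkdf2_sha256"  # assumed storage tag, not Kallithea's format
ITERATIONS = 200_000      # assumed work factor for this example


def hash_new(password, salt=None, iterations=ITERATIONS):
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>'."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([PREFIX, str(iterations), salt.hex(), dk.hex()])


def check_new(password, stored):
    """Verify against the new format; a malformed value simply fails."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != PREFIX:
        return False
    try:
        iterations, salt = int(parts[1]), bytes.fromhex(parts[2])
    except ValueError:
        return False
    if iterations < 1:
        return False
    expected = hash_new(password, salt, iterations)
    return hmac.compare_digest(expected.encode("utf-8"), stored.encode("utf-8"))


def check_legacy(password, stored):
    """Verify against the old unsalted SHA256 hex digest (64 characters)."""
    digest = hashlib.sha256(password.encode("utf-8")).hexdigest()
    return hmac.compare_digest(digest.encode("utf-8"), stored.encode("utf-8"))


def verify_and_upgrade(password, stored):
    """Return (ok, replacement).

    replacement is a new-format hash the caller should store when a
    legacy hash matched, and None otherwise.
    """
    if check_new(password, stored):
        return True, None
    if check_legacy(password, stored):
        # Only at login do we hold the plaintext needed to re-hash.
        return True, hash_new(password)
    return False, None
```

Accounts that never log in keep their unsalted SHA256 hash, so the legacy check can only be dropped once those rows have been reset or expired.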