Roundup Tracker - Issues

Issue 2551145

classification
Title: consider adding scrypt or argon2 for password hashing to replace pbkdf2
Type: security Severity: normal
Components: Database Versions:
process
Status: new Resolution:
Dependencies: Superseder:
Assigned To: Nosy List: ced, rouilj
Priority: Keywords: Effort-Medium, StarterTicket

Created on 2021-06-25 04:00 by rouilj, last changed 2021-06-29 03:31 by rouilj.

Messages
msg7289 Author: [hidden] (rouilj) Date: 2021-06-25 04:00
Time marches on and pbkdf2 isn't as resilient against GPU processors.
Increasing the rounds will help but consider adding scrypt if the
module (https://pypi.org/project/scrypt/) is available.

At this time scrypt supports python 2.7 and 3.6+.

Consider argon2 as well https://pypi.org/project/argon2-cffi/. Simiar 
language support to scrypt.

ref:
https://medium.com/analytics-vidhya/password-hashing-pbkdf2-scrypt-
bcrypt-and-argon2-e25aaf41598e
https://stackoverflow.com/questions/4433216/password-hashing-pbkdf2-
using-sha512-x-1000-vs-bcrypt
msg7290 Author: [hidden] (ced) Date: 2021-06-25 07:34
Maybe it make sense to use passlib [1] and make the hashing configurable.

[1] https://pypi.org/project/passlib/
msg7292 Author: [hidden] (rouilj) Date: 2021-06-25 13:42
Hi Cedric:

In message
<1624606499.54.0.504109235365.issue2551145@roundup.psfhosted.org>,
=?utf-8?q?C=C3=A9dric_Krier?= writes:
>Maybe it make sense to use passlib [1] and make the hashing configurable.
>
>[1] https://pypi.org/project/passlib/

Nice find.

Making hashing configurable doesn't require passlib. In general we
chose the highest security implementation. Starting from plaintext,
crypt, md5, sha, ssha, and pbkdf2 were used for hashing passwords used
internally. Upgrading occurred automatically as people logged in (if
enabled).

I think argon2 is preferred over scrypt. So the existing mechanism for
choosing a hash function can be extended to cover these cases. Do you
think it's necessary to allow the admin to explicitly choose between
scrypt and argon2?

We will never use 99% of passlib so I can't see making it a
requirement. However if passlib is installed we should use its argon2
implementation.

Thoughts?

				-- rouilj
John Rouillard
===========================================================================
My employers don't acknowledge my existence much less my opinions.
msg7293 Author: [hidden] (ced) Date: 2021-06-25 14:32
On 2021-06-25 13:42, John Rouillard wrote:
> Making hashing configurable doesn't require passlib. In general we
> chose the highest security implementation. Starting from plaintext,
> crypt, md5, sha, ssha, and pbkdf2 were used for hashing passwords used
> internally. Upgrading occurred automatically as people logged in (if
> enabled).
> 
> I think argon2 is preferred over scrypt. So the existing mechanism for
> choosing a hash function can be extended to cover these cases. Do you
> think it's necessary to allow the admin to explicitly choose between
> scrypt and argon2?

Indeed for me it is more about relying on external library.
So you could have conservative defaults but user may use stronger
algorithm if they want and when they want.

> We will never use 99% of passlib so I can't see making it a
> requirement.

I guess this is because the internal mechanism to choose and update is
already implemented.

> However if passlib is installed we should use its argon2
> implementation.

I do not think you should use passlib just to retrieve one hash
algorithm. Indeed you could directly use the passlib dependency argon2.
History
Date User Action Args
2021-06-29 03:31:51rouiljsetkeywords: + Effort-Medium, StarterTicket
2021-06-25 14:32:02cedsetmessages: + msg7293
2021-06-25 13:42:08rouiljsetmessages: + msg7292
2021-06-25 07:34:59cedsetnosy: + ced
messages: + msg7290
2021-06-25 04:00:43rouiljcreate