Roundup Tracker - Issues

Issue 2551253

classification
Modify password PBKDF2 method to use SHA512
Type: security Severity: normal
Components: Web interface Versions:
process
Status: new
:
: : rouilj
Priority: : Effort-Medium

Created on 2022-12-23 05:01 by rouilj, last changed 2022-12-23 05:01 by rouilj.

Messages
msg7700 Author: [hidden] (rouilj) Date: 2022-12-23 05:01
We use SHA1 with PBKDF2 for hashing passwords. This requires 720,000 rounds/iterations.

Using sha512 the recommended number of rounds (setting: password_pbkdf2_default_rounds)
is 120,000 according to:

   https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2

Also OWASP suggests deprecating sha1 for sha512.

The roundup database stored password entry looks like:

  {PBKDF2}rounds$salt$password_digest_in_h_base64

e.g.

  {PBKDF2}120000$W1.gcLfmA6JKaeNhT3XPiPOZoiU$NR9QRy9VQWRUVix6cgl6cysrItA

In the rdbms databases (backends/rdbms_common.py and backends/back_*), the password
class is defined as varchar(255). I think this should allow enough space for a sha512
digest and the auxiliary fields as the digest size of sha1 is 20 and of sha512 is 64.
If we multiply the encoded digest length of 28 by 4 (since 4 * 20 > 64) I expect
the new encoded digest for sha512 to be less than 112. The rest of the fields consume
44 characters. So the total is 156 < 256. We can even add a few more bytes to
change the label {PBKDF2} to {PBKDF2-512} to mark the new format if needed.

It looks like the stored entry is using a form of the modular PHC string format
https://github.com/P-H-C/phc-string-format/blob/master/phc-sf-spec.md.

Also there are some magic numbers in the code. keylen = 20 not sure why or if it should
be changed. This seems to just be the default value for the digest length of the
underlying hash function but I am not sure if they should be changed to use the
digest length or not.
History
Date User Action Args
2022-12-23 05:01:18rouiljcreate