Roundup Tracker - Issues

Issue 2551253

Modify password PBKDF2 method to use SHA512
Type: security Severity: normal
Components: Web interface Versions:
Status: new
: : rouilj
Priority: : Effort-Medium

Created on 2022-12-23 05:01 by rouilj, last changed 2022-12-23 05:01 by rouilj.

msg7700 Author: [hidden] (rouilj) Date: 2022-12-23 05:01
We use SHA1 with PBKDF2 for hashing passwords. This requires 720,000 rounds/iterations.

Using sha512, the recommended number of rounds (setting: password_pbkdf2_default_rounds)
is 120,000 according to:

Also OWASP suggests deprecating sha1 for sha512.

The roundup database stored password entry looks like:




In the rdbms databases (backends/ and backends/back_*), the password
class is defined as varchar(255). I think this should allow enough space for a sha512
digest and the auxiliary fields as the digest size of sha1 is 20 and of sha512 is 64.
If we multiply the encoded digest length of 28 by 4 (since 4 * 20 > 64) I expect
the new encoded digest for sha512 to be less than 112. The rest of the fields consume
44 characters. So the total is 156 < 256. We can even add a few more bytes to
change the label {PBKDF2} to {PBKDF2-512} to mark the new format if needed.

It looks like the stored entry is using a form of the modular PHC string format

Also there are some magic numbers in the code: keylen = 20, not sure why or if it should
be changed. This seems to just be the default value for the digest length of the
underlying hash function but I am not sure if they should be changed to use the
digest length or not.
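
The size estimate and the proposed {PBKDF2-512} label from the message above, as an added example (not Roundup's code and not from the issue author). The labels, round counts and the 255-character column come from the issue; the record layout `{label}rounds$salt$digest`, padded standard base64, the 16-byte salt and all function names are assumptions.

```python
import base64
import hashlib
import hmac
import os

# Labels and round counts are the ones named in the issue; the record layout
# "{label}rounds$salt$digest" with padded standard base64 is an assumption.
SCHEMES = {
    "PBKDF2": ("sha1", 720_000),        # existing format
    "PBKDF2-512": ("sha512", 120_000),  # proposed format
}
COLUMN_WIDTH = 255  # varchar(255) in the rdbms backends


def _b64(raw):
    return base64.b64encode(raw).decode("ascii")


def encode(password, label="PBKDF2-512", rounds=None, salt=None):
    """Hash `password` and return the stored record for the given label."""
    digest, default_rounds = SCHEMES[label]
    rounds = rounds or default_rounds
    salt = salt if salt is not None else os.urandom(16)
    # Derived key length follows the digest size: 20 for sha1, 64 for sha512.
    dklen = hashlib.new(digest).digest_size
    raw = hashlib.pbkdf2_hmac(digest, password.encode(), salt, rounds, dklen)
    record = "{%s}%d$%s$%s" % (label, rounds, _b64(salt), _b64(raw))
    if len(record) > COLUMN_WIDTH:
        raise ValueError("record does not fit the password column")
    return record


def verify(password, record):
    """Check `password` against a record carrying either label."""
    label, _, rest = record[1:].partition("}")
    if not record.startswith("{") or label not in SCHEMES:
        return False
    try:
        rounds, salt, _digest = rest.split("$")
        candidate = encode(password, label, int(rounds), base64.b64decode(salt))
    except (ValueError, OverflowError):  # bad field count, rounds or base64
        return False
    return hmac.compare_digest(candidate.encode(), record.encode())


def needs_upgrade(record):
    """True for records to rehash with SHA512 at the next successful login."""
    return not record.startswith("{PBKDF2-512}")
```

With these assumptions a SHA512 record at 120,000 rounds is 132 characters, inside the varchar(255) column, and records with the old label keep verifying until they are rehashed.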
Date User Action Args
2022-12-23 05:01:18 rouilj create