Roundup Tracker - Issues

Issue 2551253

classification
Modify password PBKDF2 method to use SHA512
Type: security Severity: normal
Components: Web interface Versions: 2.4.0
process
Status: open remind
:
: rouilj : rouilj
Priority: : Blocker, Effort-Medium

Created on 2022-12-23 05:01 by rouilj, last changed 2023-06-26 19:21 by rouilj.

Messages
msg7700 Author: [hidden] (rouilj) Date: 2022-12-23 05:01
We use SHA1 with PBKDF2 for hashing passwords. This requires 720,000 rounds/iterations.

Using sha512 the recommended number of rounds (setting: password_pbkdf2_default_rounds)
is 120,000 according to:

   https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2

Also OWASP suggests deprecating sha1 for sha512.

The roundup database stored password entry looks like:

  {PBKDF2}rounds$salt$password_digest_in_h_base64

e.g.

  {PBKDF2}120000$W1.gcLfmA6JKaeNhT3XPiPOZoiU$NR9QRy9VQWRUVix6cgl6cysrItA

In the rdbms databases (backends/rdbms_common.py and backends/back_*), the password
class is defined as varchar(255). I think this should allow enough space for a sha512
digest and the auxiliary fields as the digest size of sha1 is 20 and of sha512 is 64.
If we multiply the encoded digest length of 28 by 4 (since 4 * 20 > 64) I expect
the new encoded digest for sha512 to be less than 112. The rest of the fields consume
44 characters. So the total is 156 < 256. We can even add a few more bytes to
change the label {PBKDF2} to {PBKDF2-512} to mark the new format if needed.

It looks like the stored entry is using a form of the modular PHC string format
https://github.com/P-H-C/phc-string-format/blob/master/phc-sf-spec.md.

Also there are some magic numbers in the code. keylen = 20 not sure why or if it should
be changed. This seems to just be the default value for the digest length of the
underlying hash function but I am not sure if they should be changed to use the
digest length or not.
msg7737 Author: [hidden] (rouilj) Date: 2023-02-28 21:01
The keylen should be increased to the digest length of 64 for SHA512.

Multiple refs but:

  https://security.stackexchange.com/questions/110084/parameters-for-pbkdf2-for-password-hashing

The output looks like,

  {PBKDF2S5}2000000$n/Ut1zX1XWdsi38jhMs6gnDUKFU$BPG9ubjHv9jlGEhWTwDe1wB7OWKRZdnb2lVogm9UgIjVCu4goQOmiugO.5rPU1Q..SEqMpbnd21R9fLWagpv2A

it has a length of 132 chars which can be stored in the db w/o issue.
Note that 2 million rounds is excessive for PBKDF2-SHA512. As I write this,
the recommended is 210,000 but we have room to grow.

Committed changes in rev da751d3a2138.

Note that it is not the default. To make it the default, you need to add this code to
the tracker's interfaces.py:

from roundup.password import Password
# force passwords with scheme PBKDF2 to get re-hashed
Password.deprecated_schemes.insert(0, Password.known_schemes[0])
# choose PBKDF2S5 as the scheme to use for rehashing.
Password.default_scheme = Password.experimental_schemes[0]

After some discussion/feedback, I'll see if this SHA512 version should be the default,
if PBKDF2-SHA1 should be migrated etc.

Also need to change the note in CHANGES.txt that references this ticket when I close it
and possibly add to upgrading.txt.
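
The stored-entry layout and the rehash-on-login migration discussed in msg7700 and msg7737, as an added example that is not part of the original messages and is not Roundup's code. The function names, the SCHEMES table and the "./" base64 alphabet (inferred from the sample entries above) are assumptions of this sketch.

```python
import hashlib
import hmac
import os
from base64 import b64decode, b64encode

# Scheme label -> (hash name, derived key length in bytes). The 64-byte key
# for PBKDF2S5 follows msg7737; the table itself is an assumption of the sketch.
SCHEMES = {"PBKDF2": ("sha1", 20), "PBKDF2S5": ("sha512", 64)}
DEPRECATED = {"PBKDF2"}   # SHA1 entries are re-hashed at the next good login
COLUMN_WIDTH = 255        # varchar(255), per the issue text

def h64encode(raw):
    # Assumed alphabet: base64 with "." in place of "+", padding stripped.
    return b64encode(raw, b"./").rstrip(b"=").decode("ascii")

def h64decode(text):
    # Restore the stripped padding before decoding.
    return b64decode(text + "=" * (-len(text) % 4), altchars=b"./")

def parse(stored):
    """Split '{SCHEME}rounds$salt$digest' into (scheme, rounds, salt, digest)."""
    scheme, sep, rest = stored[1:].partition("}")
    if not stored.startswith("{") or not sep or scheme not in SCHEMES:
        raise ValueError("unknown or malformed scheme label")
    rounds, salt, digest = rest.split("$")   # ValueError unless three fields
    return scheme, int(rounds), h64decode(salt), h64decode(digest)

def hash_password(password, scheme="PBKDF2S5", rounds=210000, salt=None):
    algo, keylen = SCHEMES[scheme]
    salt = os.urandom(20) if salt is None else salt
    key = hashlib.pbkdf2_hmac(algo, password.encode("utf-8"), salt, rounds, keylen)
    stored = "{%s}%d$%s$%s" % (scheme, rounds, h64encode(salt), h64encode(key))
    if len(stored) > COLUMN_WIDTH:
        raise ValueError("entry does not fit the password column")
    return stored

def verify(password, stored):
    """Return (ok, replacement); replacement is a new entry when an upgrade is due."""
    scheme, rounds, salt, digest = parse(stored)
    algo, keylen = SCHEMES[scheme]
    key = hashlib.pbkdf2_hmac(algo, password.encode("utf-8"), salt, rounds, keylen)
    ok = hmac.compare_digest(key, digest)    # constant-time comparison
    # The plaintext is only available at login, so that is when to upgrade.
    replacement = hash_password(password) if ok and scheme in DEPRECATED else None
    return ok, replacement
```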
msg7766 Author: [hidden] (rouilj) Date: 2023-05-20 19:36
changeset:   7375:9bd7ed918121

Documented using PBKDF2-SHA512 in 2.3.0 before it becomes default.
History
Date                 User    Action  Args
2023-06-26 19:21:04  rouilj  set     versions: + 2.4.0
2023-05-20 19:36:35  rouilj  set     messages: + msg7766
2023-02-28 21:01:04  rouilj  set     keywords: + Blocker; assignee: rouilj; messages: + msg7737; status: new -> open; resolution: remind
2022-12-23 05:01:18  rouilj  create