New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement new password hashing (PBKDF2-SHA1) #83
base: master
Are you sure you want to change the base?
Conversation
This change allows an easy way to upgrade the password hash for the users. The PBKDF2-SHA1 hash algo was choosen cause it's the same password hash as the ejabberd XMPP server uses, and in the future we would like to implement an XMPP messaging back end to our lansuite page (www.hnx.at). This Features were tested on a Debian9 Server with apache2 and php7 (php7.0-fpm) and mariadb |
Es wäre toll, wenn sich jemand für den Review vom Pull Request finden würde. |
MD5 shouldn't even be used anymore as it has extensive security flaws and can be cracked by brute-force attack. see MD5 It should also be mentioned that this commit allows to easily add other password hasing algorithms as well. |
I will try to have a look at it during the weekend or starting next week. |
Thank you, that would be great! |
We didn't retry the upgrade scenario yet, but during development we considered the upgrade path. Here is a short scenario how it should work:
The only scenario I know of that will break the installation is if you click "Menueinträge neu schreiben" / "Rewrite Navigation" before "Datenbank updaten und verwalten" / "Update / Manage database". |
I rebased the pull request onto latest master. |
That is the only bit that concerns me. |
Yeah, the current update mechanism of LanSuite does not fit our requirements. |
I thought SHA-1 was broken? |
The SHAttered attack only showed that SHA-1 does not fulfil the collision resistance property, which is necessary for a cryptographic hash. PBKDF2 is a good variant to use a hash function for password storage. |
Thanks @lxp and sorry for the late reply. I will try to check this PR out in the next days. |
@andygrunwald Any progress on this? |
@andygrunwald Any progress on this? ;) |
@M4LuZ Sadly not. Quite busy the recent days. And I want to finish the rework of the last 4 modules. Then i will work in this here. |
In case moving away from MD5 is still an open topic, I suggest using the native |
Well PBKDF2-SHA1 is also an open implementation from php we just picked this one because it's the same xmpp uses and mainly for a singlesignon feature. |
@hnxfirefly Is using xmpp together with lansuite really that common? I don't know much about xmpp, but "single sign on" usually means doing something with oauth. Anyway, you can also do silent "upgrades" of the hash using You can even re-hash existing md5 passwords, so all users have an immediate benefit. Like so:
I don't see you are using any library, there is just a |
@m-ober the class is written by @lxp and then checked by @t-h-e and myself. And it would be nice to be extended with new hashing methods as sha1 is by now already outdated. |
Thanks for clarifying, guess I read that code a bit too fast ;) |
This change modifies the database and requires a database upgrade from within the lansuite admin area. After the database upgrade, the old MD5 user passwords will be automatically converted to PBKDF2-SHA1 on the next user login. Clan and team passwords will only be upgraded, when new passwords are set. PBKDF2-SHA1 was choosen for compatibility with the ejabberd XMPP server password storage.
d2222b3
to
b80d0e8
Compare
I updated the password hash functionality change to work with the current master. |
First, thanks a lot for this Pull Request. I updated the branch, and I was reading through this issue. It is a significant change in the right direction. Here are a few notes. Hashing algorithm
The
ChangelogWe should add a
Open questions
What is left to get this mergedI am happy to take this PR on and get this over the finish line.
Future workSeen as aftermath, once this is merged:
|
|
||
namespace LanSuite; | ||
|
||
class PasswordHash |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I do not favor making this class with a collection of static functions. I think we could benefit more from streamlining the scope of this class a bit more by e.g., removing the dependency on the configuration and injecting the configuration into the constructor.
This would make unit testing easier as well.
I can take this on and modify the class / this PR.
@@ -174,6 +174,25 @@ | |||
</entry> | |||
</entries> | |||
</typedefinition> | |||
<typedefinition> | |||
<head> | |||
<name>passwordhashalgo</name> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am more in favor of
- splitting the long configuration parameter a bit for readability like
password_hash_algo
- not using abbreviations and making it explicit, because we are not limited in space here like
password_hashing_algorithm
I can take this on to change it.
@@ -310,6 +329,18 @@ eintagsmail.de | |||
nospamfor.us</default> | |||
<description>Email-Domain-Blacklist (Um Wegwerf-Mailadressen zu vermeiden)</description> | |||
</item> | |||
<item> | |||
<name>pwhash_algo</name> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same here with the long explicit name.
I can take this on
<description>Passwort Hashing Algorithmus</description> | ||
</item> | ||
<item> | ||
<name>pwhash_algo_cfg</name> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same here with the long explicit name.
I can take this on
I am also thinking of adding unit tests and if we should switch away from the self-written class towards a symfony component like https://github.com/symfony/password-hasher or https://github.com/nette/security/ There seems to be an option to make it compatible with this implementation. |
SonarCloud Quality Gate failed. 0 Bugs No Coverage information Catch issues before they fail your Quality Gate with our IDE extension SonarLint |
SonarCloud Quality Gate failed. 0 Bugs No Coverage information Catch issues before they fail your Quality Gate with our IDE extension SonarLint |
SonarCloud Quality Gate failed. 0 Bugs No Coverage information Catch issues before they fail your Quality Gate with our IDE extension SonarLint |
I agree with that.
We are still using this implementation (with PBKDF2-SHA1) on our site. However, we are not using ejabberd anymore. I understand that you might not want to support the PBKDF2-SHA1 algorithm and just go for argon2id, since argon2id is a good decision from the security standpoint. Edit: What I forgot to add: This pull request implements the classic upgrade schema that works with any algorithm changes, which we might need in the future anyway. For example, to improve on the argon2id settings. However, it has the drawback that if users do not log-in the insecure md5 hashes stay in the database. There is also an upgrade schema that allows to instantly migrate all users. We did not implement this upgrade schema, since it introduces more complexity and needs even more testing. The OWASP Password Cheatsheet has also a section about this problem: |
Quality Gate failedFailed conditions See analysis details on SonarCloud Catch issues before they fail your Quality Gate with our IDE extension SonarLint |
Just a note that I've started work on this to finally merge it. Given the age of the master-branch the PR is based on and the ton of commits that would need to be merged I've created a new branch with the original PRs. Regarding the choice of algorithm:
|
@M4LuZ I agree with your comments - Totally make sense. Also big thanks for #1114, I will review it. I think we should implement and rely on https://github.com/symfony/password-hasher.
With custom password hasher, we can implement whatever we want. See https://symfony.com/doc/current/security/passwords.html#creating-a-custom-password-hasher It also supports password migration, see https://symfony.com/doc/current/security/passwords.html#password-migration On top of this, it takes care to mark sensitive function arguments to avoid leaking those into stack traces and logs, see https://github.com/symfony/password-hasher/blob/7.0/Hasher/SodiumPasswordHasher.php#L72C52-L72C74 It also does all the extension and function checking, see https://github.com/symfony/password-hasher/blob/7.0/Hasher/SodiumPasswordHasher.php#L65 I do not favor using a weaker password algorithm by default, just because some external component does not support a newer one (jabber). What I suggest is two new config variables (in
With those two configs, we
What are your thoughts on this? |
That does make sense mid to long term.
So do I, thus the selection of SHA512 instead of SHA1.
Adding
|
This change modifies the database and requires a database upgrade
from within the lansuite admin area.
After the database upgrade, the old MD5 user passwords will be
automatically converted to PBKDF2-SHA1 on the next user login.
Clan and team passwords will only be upgraded, when new passwords
are set.
PBKDF2-SHA1 was choosen for compatibility with the ejabberd XMPP
server password storage.