You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@couchdb.apache.org by "Nuutti Kotivuori (JIRA)" <ji...@apache.org> on 2011/02/05 18:55:30 UTC
[jira] Created: (COUCHDB-1060) CouchDB should use a secure password
hash method instead of the current one
CouchDB should use a secure password hash method instead of the current one
---------------------------------------------------------------------------
Key: COUCHDB-1060
URL: https://issues.apache.org/jira/browse/COUCHDB-1060
Project: CouchDB
Issue Type: Improvement
Components: Database Core
Affects Versions: 1.0.2
Reporter: Nuutti Kotivuori
Priority: Minor
CouchDB passwords are stored in a salted, hashed format of a 128-bit salt combined with the password under SHA-1. This method thwarts rainbow table attacks, but is utterly ineffective against any dictionary attacks as computing SHA-1 is very fast indeed.
If passwords are to be stored in a non-plaintext equivalent format, the hash function needs to be a "slow" hash function. Suitable candidates for this could be bcrypt, scrypt and PBKDF2. Of the choices, only PBKDF2 is really widely used, standardized and goverment approved. (Note: don't be fooled that the PBKDF2 is a "key derivation" function - in this case, it is exactly the same thing as a slow password hash.)
http://en.wikipedia.org/wiki/PBKDF2
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (COUCHDB-1060) CouchDB should use a secure
password hash method instead of the current one
Posted by "Robert Newson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COUCHDB-1060?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13030510#comment-13030510 ]
Robert Newson commented on COUCHDB-1060:
----------------------------------------
Filipe,
It might be fine, but I think it misses the point. It's weird to create the value on the client side anyway. We should pass the password as entered, and let the backend salt it and digest it. The transmission should be protected by SSL, which we can do from 1.1 onwards.
> CouchDB should use a secure password hash method instead of the current one
> ---------------------------------------------------------------------------
>
> Key: COUCHDB-1060
> URL: https://issues.apache.org/jira/browse/COUCHDB-1060
> Project: CouchDB
> Issue Type: Improvement
> Components: Database Core
> Affects Versions: 1.0.2
> Reporter: Nuutti Kotivuori
> Assignee: Robert Newson
> Priority: Minor
> Fix For: 1.2
>
> Attachments: pbkdf2.erl, pbkdf2.erl
>
>
> CouchDB passwords are stored in a salted, hashed format of a 128-bit salt combined with the password under SHA-1. This method thwarts rainbow table attacks, but is utterly ineffective against any dictionary attacks as computing SHA-1 is very fast indeed.
> If passwords are to be stored in a non-plaintext equivalent format, the hash function needs to be a "slow" hash function. Suitable candidates for this could be bcrypt, scrypt and PBKDF2. Of the choices, only PBKDF2 is really widely used, standardized and goverment approved. (Note: don't be fooled that the PBKDF2 is a "key derivation" function - in this case, it is exactly the same thing as a slow password hash.)
> http://en.wikipedia.org/wiki/PBKDF2
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (COUCHDB-1060) CouchDB should use a secure
password hash method instead of the current one
Posted by "Robert Newson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COUCHDB-1060?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Newson updated COUCHDB-1060:
-----------------------------------
Attachment: pbkdf2.erl
Fully compliant pbkdk2 module, all test vectors pass.
> CouchDB should use a secure password hash method instead of the current one
> ---------------------------------------------------------------------------
>
> Key: COUCHDB-1060
> URL: https://issues.apache.org/jira/browse/COUCHDB-1060
> Project: CouchDB
> Issue Type: Improvement
> Components: Database Core
> Affects Versions: 1.0.2
> Reporter: Nuutti Kotivuori
> Priority: Minor
> Attachments: pbkdf2.erl, pbkdf2.erl
>
>
> CouchDB passwords are stored in a salted, hashed format of a 128-bit salt combined with the password under SHA-1. This method thwarts rainbow table attacks, but is utterly ineffective against any dictionary attacks as computing SHA-1 is very fast indeed.
> If passwords are to be stored in a non-plaintext equivalent format, the hash function needs to be a "slow" hash function. Suitable candidates for this could be bcrypt, scrypt and PBKDF2. Of the choices, only PBKDF2 is really widely used, standardized and goverment approved. (Note: don't be fooled that the PBKDF2 is a "key derivation" function - in this case, it is exactly the same thing as a slow password hash.)
> http://en.wikipedia.org/wiki/PBKDF2
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (COUCHDB-1060) CouchDB should use a secure
password hash method instead of the current one
Posted by "Robert Newson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COUCHDB-1060?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Newson updated COUCHDB-1060:
-----------------------------------
Attachment: pbkdf2.erl
Incomplete implementation of pbkdf2.
First two test vectors pass so it's not complete crap.
> CouchDB should use a secure password hash method instead of the current one
> ---------------------------------------------------------------------------
>
> Key: COUCHDB-1060
> URL: https://issues.apache.org/jira/browse/COUCHDB-1060
> Project: CouchDB
> Issue Type: Improvement
> Components: Database Core
> Affects Versions: 1.0.2
> Reporter: Nuutti Kotivuori
> Priority: Minor
> Attachments: pbkdf2.erl
>
>
> CouchDB passwords are stored in a salted, hashed format of a 128-bit salt combined with the password under SHA-1. This method thwarts rainbow table attacks, but is utterly ineffective against any dictionary attacks as computing SHA-1 is very fast indeed.
> If passwords are to be stored in a non-plaintext equivalent format, the hash function needs to be a "slow" hash function. Suitable candidates for this could be bcrypt, scrypt and PBKDF2. Of the choices, only PBKDF2 is really widely used, standardized and goverment approved. (Note: don't be fooled that the PBKDF2 is a "key derivation" function - in this case, it is exactly the same thing as a slow password hash.)
> http://en.wikipedia.org/wiki/PBKDF2
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (COUCHDB-1060) CouchDB should use a secure
password hash method instead of the current one
Posted by "Nuutti Kotivuori (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COUCHDB-1060?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12991063#comment-12991063 ]
Nuutti Kotivuori commented on COUCHDB-1060:
-------------------------------------------
This issue is about using something else than plain SHA hashing for: a) password hashing in couchdb configuration file, eg. local.ini, b) password hashing in _users database on disk storage. Cookie authentication hash method probably has a vulnerability as well, but that is something separate to solve and it is not what I wrote about here. Also I am not talking about online authentication attacks which are done through remotely exposed interfaces, but offline attacks that are possible when hashed passwords are obtained by some means.
If access restrictions to _users database and configuration file are in place, the passwords stored there might just as well be in plaintext - which would be fine by me. Yet they aren't, which leads me to believe somebody thinks there is some actual security given by the hash method used in those places by CouchDB.
So, to be clearer in my suggestion, I suggest the either of two options:
1) use a standard slow hash function instead of current SHA-1 solution for storing passwords
2) store passwords in plaintext, encoded in base64 (to prevent accidental exposure if shown to an admin)
The current solution gives users a false sense of security and gains very little in practice.
> CouchDB should use a secure password hash method instead of the current one
> ---------------------------------------------------------------------------
>
> Key: COUCHDB-1060
> URL: https://issues.apache.org/jira/browse/COUCHDB-1060
> Project: CouchDB
> Issue Type: Improvement
> Components: Database Core
> Affects Versions: 1.0.2
> Reporter: Nuutti Kotivuori
> Priority: Minor
>
> CouchDB passwords are stored in a salted, hashed format of a 128-bit salt combined with the password under SHA-1. This method thwarts rainbow table attacks, but is utterly ineffective against any dictionary attacks as computing SHA-1 is very fast indeed.
> If passwords are to be stored in a non-plaintext equivalent format, the hash function needs to be a "slow" hash function. Suitable candidates for this could be bcrypt, scrypt and PBKDF2. Of the choices, only PBKDF2 is really widely used, standardized and goverment approved. (Note: don't be fooled that the PBKDF2 is a "key derivation" function - in this case, it is exactly the same thing as a slow password hash.)
> http://en.wikipedia.org/wiki/PBKDF2
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (COUCHDB-1060) CouchDB should use a secure
password hash method instead of the current one
Posted by "Klaus Trainer (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COUCHDB-1060?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12991067#comment-12991067 ]
Klaus Trainer commented on COUCHDB-1060:
----------------------------------------
Thanks for clarifying.
> CouchDB should use a secure password hash method instead of the current one
> ---------------------------------------------------------------------------
>
> Key: COUCHDB-1060
> URL: https://issues.apache.org/jira/browse/COUCHDB-1060
> Project: CouchDB
> Issue Type: Improvement
> Components: Database Core
> Affects Versions: 1.0.2
> Reporter: Nuutti Kotivuori
> Priority: Minor
>
> CouchDB passwords are stored in a salted, hashed format of a 128-bit salt combined with the password under SHA-1. This method thwarts rainbow table attacks, but is utterly ineffective against any dictionary attacks as computing SHA-1 is very fast indeed.
> If passwords are to be stored in a non-plaintext equivalent format, the hash function needs to be a "slow" hash function. Suitable candidates for this could be bcrypt, scrypt and PBKDF2. Of the choices, only PBKDF2 is really widely used, standardized and goverment approved. (Note: don't be fooled that the PBKDF2 is a "key derivation" function - in this case, it is exactly the same thing as a slow password hash.)
> http://en.wikipedia.org/wiki/PBKDF2
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Resolved] (COUCHDB-1060) CouchDB should use a secure
password hash method instead of the current one
Posted by "Robert Newson (Resolved) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COUCHDB-1060?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Newson resolved COUCHDB-1060.
------------------------------------
Resolution: Fixed
> CouchDB should use a secure password hash method instead of the current one
> ---------------------------------------------------------------------------
>
> Key: COUCHDB-1060
> URL: https://issues.apache.org/jira/browse/COUCHDB-1060
> Project: CouchDB
> Issue Type: Improvement
> Components: Database Core
> Affects Versions: 1.0.2
> Reporter: Nuutti Kotivuori
> Assignee: Robert Newson
> Priority: Minor
> Fix For: 1.3
>
> Attachments: 0001-Integrate-PBKDF2.patch, pbkdf2.erl, pbkdf2.erl
>
>
> CouchDB passwords are stored in a salted, hashed format of a 128-bit salt combined with the password under SHA-1. This method thwarts rainbow table attacks, but is utterly ineffective against any dictionary attacks as computing SHA-1 is very fast indeed.
> If passwords are to be stored in a non-plaintext equivalent format, the hash function needs to be a "slow" hash function. Suitable candidates for this could be bcrypt, scrypt and PBKDF2. Of the choices, only PBKDF2 is really widely used, standardized and goverment approved. (Note: don't be fooled that the PBKDF2 is a "key derivation" function - in this case, it is exactly the same thing as a slow password hash.)
> http://en.wikipedia.org/wiki/PBKDF2
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (COUCHDB-1060) CouchDB should use a secure
password hash method instead of the current one
Posted by "Paul Joseph Davis (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COUCHDB-1060?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12991039#comment-12991039 ]
Paul Joseph Davis commented on COUCHDB-1060:
--------------------------------------------
Alternatively, something that could be fun to play with the is the sort of thing that Zed Shaw was playing with on autho.me
http://autho.me/
That'd solve the issue of re-hashing on every request but its kinda not at all standardized.
> CouchDB should use a secure password hash method instead of the current one
> ---------------------------------------------------------------------------
>
> Key: COUCHDB-1060
> URL: https://issues.apache.org/jira/browse/COUCHDB-1060
> Project: CouchDB
> Issue Type: Improvement
> Components: Database Core
> Affects Versions: 1.0.2
> Reporter: Nuutti Kotivuori
> Priority: Minor
>
> CouchDB passwords are stored in a salted, hashed format of a 128-bit salt combined with the password under SHA-1. This method thwarts rainbow table attacks, but is utterly ineffective against any dictionary attacks as computing SHA-1 is very fast indeed.
> If passwords are to be stored in a non-plaintext equivalent format, the hash function needs to be a "slow" hash function. Suitable candidates for this could be bcrypt, scrypt and PBKDF2. Of the choices, only PBKDF2 is really widely used, standardized and goverment approved. (Note: don't be fooled that the PBKDF2 is a "key derivation" function - in this case, it is exactly the same thing as a slow password hash.)
> http://en.wikipedia.org/wiki/PBKDF2
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (COUCHDB-1060) CouchDB should use a secure
password hash method instead of the current one
Posted by "Robert Newson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COUCHDB-1060?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13030498#comment-13030498 ]
Robert Newson commented on COUCHDB-1060:
----------------------------------------
I think Chris means the use of sha1 in jquery.couch.js or thereabouts. Calculating a pbkdf2 value in javascript being a bit tricky.
> CouchDB should use a secure password hash method instead of the current one
> ---------------------------------------------------------------------------
>
> Key: COUCHDB-1060
> URL: https://issues.apache.org/jira/browse/COUCHDB-1060
> Project: CouchDB
> Issue Type: Improvement
> Components: Database Core
> Affects Versions: 1.0.2
> Reporter: Nuutti Kotivuori
> Assignee: Robert Newson
> Priority: Minor
> Fix For: 1.2
>
> Attachments: pbkdf2.erl, pbkdf2.erl
>
>
> CouchDB passwords are stored in a salted, hashed format of a 128-bit salt combined with the password under SHA-1. This method thwarts rainbow table attacks, but is utterly ineffective against any dictionary attacks as computing SHA-1 is very fast indeed.
> If passwords are to be stored in a non-plaintext equivalent format, the hash function needs to be a "slow" hash function. Suitable candidates for this could be bcrypt, scrypt and PBKDF2. Of the choices, only PBKDF2 is really widely used, standardized and goverment approved. (Note: don't be fooled that the PBKDF2 is a "key derivation" function - in this case, it is exactly the same thing as a slow password hash.)
> http://en.wikipedia.org/wiki/PBKDF2
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (COUCHDB-1060) CouchDB should use a secure
password hash method instead of the current one
Posted by "Robert Newson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COUCHDB-1060?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Newson updated COUCHDB-1060:
-----------------------------------
Fix Version/s: 1.2
> CouchDB should use a secure password hash method instead of the current one
> ---------------------------------------------------------------------------
>
> Key: COUCHDB-1060
> URL: https://issues.apache.org/jira/browse/COUCHDB-1060
> Project: CouchDB
> Issue Type: Improvement
> Components: Database Core
> Affects Versions: 1.0.2
> Reporter: Nuutti Kotivuori
> Assignee: Robert Newson
> Priority: Minor
> Fix For: 1.2
>
> Attachments: pbkdf2.erl, pbkdf2.erl
>
>
> CouchDB passwords are stored in a salted, hashed format of a 128-bit salt combined with the password under SHA-1. This method thwarts rainbow table attacks, but is utterly ineffective against any dictionary attacks as computing SHA-1 is very fast indeed.
> If passwords are to be stored in a non-plaintext equivalent format, the hash function needs to be a "slow" hash function. Suitable candidates for this could be bcrypt, scrypt and PBKDF2. Of the choices, only PBKDF2 is really widely used, standardized and goverment approved. (Note: don't be fooled that the PBKDF2 is a "key derivation" function - in this case, it is exactly the same thing as a slow password hash.)
> http://en.wikipedia.org/wiki/PBKDF2
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (COUCHDB-1060) CouchDB should use a secure
password hash method instead of the current one
Posted by "Robert Newson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COUCHDB-1060?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Newson updated COUCHDB-1060:
-----------------------------------
Attachment: 0001-Integrate-PBKDF2.patch
Integrate PBKDF2 as new default password hash algo.
Auto-updates validate_doc_update for users to include rules on new scheme.
couch.js's prepareUserDoc updated to create new scheme
> CouchDB should use a secure password hash method instead of the current one
> ---------------------------------------------------------------------------
>
> Key: COUCHDB-1060
> URL: https://issues.apache.org/jira/browse/COUCHDB-1060
> Project: CouchDB
> Issue Type: Improvement
> Components: Database Core
> Affects Versions: 1.0.2
> Reporter: Nuutti Kotivuori
> Assignee: Robert Newson
> Priority: Minor
> Fix For: 1.2
>
> Attachments: 0001-Integrate-PBKDF2.patch, pbkdf2.erl, pbkdf2.erl
>
>
> CouchDB passwords are stored in a salted, hashed format of a 128-bit salt combined with the password under SHA-1. This method thwarts rainbow table attacks, but is utterly ineffective against any dictionary attacks as computing SHA-1 is very fast indeed.
> If passwords are to be stored in a non-plaintext equivalent format, the hash function needs to be a "slow" hash function. Suitable candidates for this could be bcrypt, scrypt and PBKDF2. Of the choices, only PBKDF2 is really widely used, standardized and goverment approved. (Note: don't be fooled that the PBKDF2 is a "key derivation" function - in this case, it is exactly the same thing as a slow password hash.)
> http://en.wikipedia.org/wiki/PBKDF2
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (COUCHDB-1060) CouchDB should use a secure
password hash method instead of the current one
Posted by "Paul Joseph Davis (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COUCHDB-1060?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13030496#comment-13030496 ]
Paul Joseph Davis commented on COUCHDB-1060:
--------------------------------------------
What server?
> CouchDB should use a secure password hash method instead of the current one
> ---------------------------------------------------------------------------
>
> Key: COUCHDB-1060
> URL: https://issues.apache.org/jira/browse/COUCHDB-1060
> Project: CouchDB
> Issue Type: Improvement
> Components: Database Core
> Affects Versions: 1.0.2
> Reporter: Nuutti Kotivuori
> Assignee: Robert Newson
> Priority: Minor
> Fix For: 1.2
>
> Attachments: pbkdf2.erl, pbkdf2.erl
>
>
> CouchDB passwords are stored in a salted, hashed format of a 128-bit salt combined with the password under SHA-1. This method thwarts rainbow table attacks, but is utterly ineffective against any dictionary attacks as computing SHA-1 is very fast indeed.
> If passwords are to be stored in a non-plaintext equivalent format, the hash function needs to be a "slow" hash function. Suitable candidates for this could be bcrypt, scrypt and PBKDF2. Of the choices, only PBKDF2 is really widely used, standardized and goverment approved. (Note: don't be fooled that the PBKDF2 is a "key derivation" function - in this case, it is exactly the same thing as a slow password hash.)
> http://en.wikipedia.org/wiki/PBKDF2
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (COUCHDB-1060) CouchDB should use a secure
password hash method instead of the current one
Posted by "Filipe Manana (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COUCHDB-1060?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13030500#comment-13030500 ]
Filipe Manana commented on COUCHDB-1060:
----------------------------------------
Robert, https://github.com/bitwiseshiftleft/sjcl
I have no idea however if this implementation is too slow or acceptable.
> CouchDB should use a secure password hash method instead of the current one
> ---------------------------------------------------------------------------
>
> Key: COUCHDB-1060
> URL: https://issues.apache.org/jira/browse/COUCHDB-1060
> Project: CouchDB
> Issue Type: Improvement
> Components: Database Core
> Affects Versions: 1.0.2
> Reporter: Nuutti Kotivuori
> Assignee: Robert Newson
> Priority: Minor
> Fix For: 1.2
>
> Attachments: pbkdf2.erl, pbkdf2.erl
>
>
> CouchDB passwords are stored in a salted, hashed format of a 128-bit salt combined with the password under SHA-1. This method thwarts rainbow table attacks, but is utterly ineffective against any dictionary attacks as computing SHA-1 is very fast indeed.
> If passwords are to be stored in a non-plaintext equivalent format, the hash function needs to be a "slow" hash function. Suitable candidates for this could be bcrypt, scrypt and PBKDF2. Of the choices, only PBKDF2 is really widely used, standardized and goverment approved. (Note: don't be fooled that the PBKDF2 is a "key derivation" function - in this case, it is exactly the same thing as a slow password hash.)
> http://en.wikipedia.org/wiki/PBKDF2
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (COUCHDB-1060) CouchDB should use a secure
password hash method instead of the current one
Posted by "Paul Joseph Davis (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COUCHDB-1060?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12991086#comment-12991086 ]
Paul Joseph Davis commented on COUCHDB-1060:
--------------------------------------------
And I'd put my hat in the ring for UYIT896HL hashing. Its my fav.
> CouchDB should use a secure password hash method instead of the current one
> ---------------------------------------------------------------------------
>
> Key: COUCHDB-1060
> URL: https://issues.apache.org/jira/browse/COUCHDB-1060
> Project: CouchDB
> Issue Type: Improvement
> Components: Database Core
> Affects Versions: 1.0.2
> Reporter: Nuutti Kotivuori
> Priority: Minor
>
> CouchDB passwords are stored in a salted, hashed format of a 128-bit salt combined with the password under SHA-1. This method thwarts rainbow table attacks, but is utterly ineffective against any dictionary attacks as computing SHA-1 is very fast indeed.
> If passwords are to be stored in a non-plaintext equivalent format, the hash function needs to be a "slow" hash function. Suitable candidates for this could be bcrypt, scrypt and PBKDF2. Of the choices, only PBKDF2 is really widely used, standardized and goverment approved. (Note: don't be fooled that the PBKDF2 is a "key derivation" function - in this case, it is exactly the same thing as a slow password hash.)
> http://en.wikipedia.org/wiki/PBKDF2
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (COUCHDB-1060) CouchDB should use a secure
password hash method instead of the current one
Posted by "Paul Joseph Davis (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COUCHDB-1060?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12991082#comment-12991082 ]
Paul Joseph Davis commented on COUCHDB-1060:
--------------------------------------------
Hrm, four clause BSD though. Do we do that?
Also, there's this:
http://bcrypt.sourceforge.net/
Which is three clause. Hooking it up to a NIF or port driver wouldn't be overly difficult.
> CouchDB should use a secure password hash method instead of the current one
> ---------------------------------------------------------------------------
>
> Key: COUCHDB-1060
> URL: https://issues.apache.org/jira/browse/COUCHDB-1060
> Project: CouchDB
> Issue Type: Improvement
> Components: Database Core
> Affects Versions: 1.0.2
> Reporter: Nuutti Kotivuori
> Priority: Minor
>
> CouchDB passwords are stored in a salted, hashed format of a 128-bit salt combined with the password under SHA-1. This method thwarts rainbow table attacks, but is utterly ineffective against any dictionary attacks as computing SHA-1 is very fast indeed.
> If passwords are to be stored in a non-plaintext equivalent format, the hash function needs to be a "slow" hash function. Suitable candidates for this could be bcrypt, scrypt and PBKDF2. Of the choices, only PBKDF2 is really widely used, standardized and goverment approved. (Note: don't be fooled that the PBKDF2 is a "key derivation" function - in this case, it is exactly the same thing as a slow password hash.)
> http://en.wikipedia.org/wiki/PBKDF2
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (COUCHDB-1060) CouchDB should use a secure
password hash method instead of the current one
Posted by "Chris Anderson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COUCHDB-1060?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13030450#comment-13030450 ]
Chris Anderson commented on COUCHDB-1060:
-----------------------------------------
I love this. Currently the user passwords are too insecure. A slow hash algorithm makes offline cracking harder.
It would require changes to the API to have crypto only run on the server, but it might be simpler.
Chris
> CouchDB should use a secure password hash method instead of the current one
> ---------------------------------------------------------------------------
>
> Key: COUCHDB-1060
> URL: https://issues.apache.org/jira/browse/COUCHDB-1060
> Project: CouchDB
> Issue Type: Improvement
> Components: Database Core
> Affects Versions: 1.0.2
> Reporter: Nuutti Kotivuori
> Assignee: Robert Newson
> Priority: Minor
> Fix For: 1.2
>
> Attachments: pbkdf2.erl, pbkdf2.erl
>
>
> CouchDB passwords are stored in a salted, hashed format of a 128-bit salt combined with the password under SHA-1. This method thwarts rainbow table attacks, but is utterly ineffective against any dictionary attacks as computing SHA-1 is very fast indeed.
> If passwords are to be stored in a non-plaintext equivalent format, the hash function needs to be a "slow" hash function. Suitable candidates for this could be bcrypt, scrypt and PBKDF2. Of the choices, only PBKDF2 is really widely used, standardized and goverment approved. (Note: don't be fooled that the PBKDF2 is a "key derivation" function - in this case, it is exactly the same thing as a slow password hash.)
> http://en.wikipedia.org/wiki/PBKDF2
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (COUCHDB-1060) CouchDB should use a secure
password hash method instead of the current one
Posted by "Randall Leeds (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COUCHDB-1060?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12991079#comment-12991079 ]
Randall Leeds commented on COUCHDB-1060:
----------------------------------------
There is an erlang-bcrypt project on github. Looks like MIT-like and BSD licensing on all the components.
> CouchDB should use a secure password hash method instead of the current one
> ---------------------------------------------------------------------------
>
> Key: COUCHDB-1060
> URL: https://issues.apache.org/jira/browse/COUCHDB-1060
> Project: CouchDB
> Issue Type: Improvement
> Components: Database Core
> Affects Versions: 1.0.2
> Reporter: Nuutti Kotivuori
> Priority: Minor
>
> CouchDB passwords are stored in a salted, hashed format of a 128-bit salt combined with the password under SHA-1. This method thwarts rainbow table attacks, but is utterly ineffective against any dictionary attacks as computing SHA-1 is very fast indeed.
> If passwords are to be stored in a non-plaintext equivalent format, the hash function needs to be a "slow" hash function. Suitable candidates for this could be bcrypt, scrypt and PBKDF2. Of the choices, only PBKDF2 is really widely used, standardized and goverment approved. (Note: don't be fooled that the PBKDF2 is a "key derivation" function - in this case, it is exactly the same thing as a slow password hash.)
> http://en.wikipedia.org/wiki/PBKDF2
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (COUCHDB-1060) CouchDB should use a secure
password hash method instead of the current one
Posted by "Klaus Trainer (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COUCHDB-1060?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12991041#comment-12991041 ]
Klaus Trainer commented on COUCHDB-1060:
----------------------------------------
Base64 is already used for basic authentication. A reason for using the hash function for cookie authentication is that you don't wanna have your password to be persitently stored in cleartext/Base64. If somebody manages to steal your cookie with that hash, she still doesn't have the password, and the hash is worthless anyway as soon as the session is closed/expired.
If you need reasonable security, talk with your couch only through SSL and use a password that's not in a dictionary.
The concern about somebody doing dictionary attacks on all _user DB entries can be met by restricting access to it.
Btw., AFAIK, an authentication cache is already used.
> CouchDB should use a secure password hash method instead of the current one
> ---------------------------------------------------------------------------
>
> Key: COUCHDB-1060
> URL: https://issues.apache.org/jira/browse/COUCHDB-1060
> Project: CouchDB
> Issue Type: Improvement
> Components: Database Core
> Affects Versions: 1.0.2
> Reporter: Nuutti Kotivuori
> Priority: Minor
>
> CouchDB passwords are stored in a salted, hashed format of a 128-bit salt combined with the password under SHA-1. This method thwarts rainbow table attacks, but is utterly ineffective against any dictionary attacks as computing SHA-1 is very fast indeed.
> If passwords are to be stored in a non-plaintext equivalent format, the hash function needs to be a "slow" hash function. Suitable candidates for this could be bcrypt, scrypt and PBKDF2. Of the choices, only PBKDF2 is really widely used, standardized and goverment approved. (Note: don't be fooled that the PBKDF2 is a "key derivation" function - in this case, it is exactly the same thing as a slow password hash.)
> http://en.wikipedia.org/wiki/PBKDF2
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Assigned] (COUCHDB-1060) CouchDB should use a secure
password hash method instead of the current one
Posted by "Robert Newson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COUCHDB-1060?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Newson reassigned COUCHDB-1060:
--------------------------------------
Assignee: Robert Newson
> CouchDB should use a secure password hash method instead of the current one
> ---------------------------------------------------------------------------
>
> Key: COUCHDB-1060
> URL: https://issues.apache.org/jira/browse/COUCHDB-1060
> Project: CouchDB
> Issue Type: Improvement
> Components: Database Core
> Affects Versions: 1.0.2
> Reporter: Nuutti Kotivuori
> Assignee: Robert Newson
> Priority: Minor
> Fix For: 1.2
>
> Attachments: pbkdf2.erl, pbkdf2.erl
>
>
> CouchDB passwords are stored in a salted, hashed format of a 128-bit salt combined with the password under SHA-1. This method thwarts rainbow table attacks, but is utterly ineffective against any dictionary attacks as computing SHA-1 is very fast indeed.
> If passwords are to be stored in a non-plaintext equivalent format, the hash function needs to be a "slow" hash function. Suitable candidates for this could be bcrypt, scrypt and PBKDF2. Of the choices, only PBKDF2 is really widely used, standardized and goverment approved. (Note: don't be fooled that the PBKDF2 is a "key derivation" function - in this case, it is exactly the same thing as a slow password hash.)
> http://en.wikipedia.org/wiki/PBKDF2
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (COUCHDB-1060) CouchDB should use a secure
password hash method instead of the current one
Posted by "Nuutti Kotivuori (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COUCHDB-1060?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12991032#comment-12991032 ]
Nuutti Kotivuori commented on COUCHDB-1060:
-------------------------------------------
Do note that plain HTTP authentication is somewhat problematic with these, as the password is sent as plaintext and the hash calculation has to be done by the server on each request. It's probably necessary to cache the authentication result for a certain plaintext password.
> CouchDB should use a secure password hash method instead of the current one
> ---------------------------------------------------------------------------
>
> Key: COUCHDB-1060
> URL: https://issues.apache.org/jira/browse/COUCHDB-1060
> Project: CouchDB
> Issue Type: Improvement
> Components: Database Core
> Affects Versions: 1.0.2
> Reporter: Nuutti Kotivuori
> Priority: Minor
>
> CouchDB passwords are stored in a salted, hashed format of a 128-bit salt combined with the password under SHA-1. This method thwarts rainbow table attacks, but is utterly ineffective against any dictionary attacks as computing SHA-1 is very fast indeed.
> If passwords are to be stored in a non-plaintext equivalent format, the hash function needs to be a "slow" hash function. Suitable candidates for this could be bcrypt, scrypt and PBKDF2. Of the choices, only PBKDF2 is really widely used, standardized and goverment approved. (Note: don't be fooled that the PBKDF2 is a "key derivation" function - in this case, it is exactly the same thing as a slow password hash.)
> http://en.wikipedia.org/wiki/PBKDF2
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (COUCHDB-1060) CouchDB should use a secure
password hash method instead of the current one
Posted by "Klaus Trainer (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COUCHDB-1060?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12991031#comment-12991031 ]
Klaus Trainer commented on COUCHDB-1060:
----------------------------------------
Do you really think choosing a slow hash function would be a good idea, considering that CouchDB would have to take way more CPU cycles every time somebody authenticates?
I'd approach that concern in a more pragmatic manner. For instance, you could protect the _users database, so that e.g. non-admins cannot read the salts and hashes.
> CouchDB should use a secure password hash method instead of the current one
> ---------------------------------------------------------------------------
>
> Key: COUCHDB-1060
> URL: https://issues.apache.org/jira/browse/COUCHDB-1060
> Project: CouchDB
> Issue Type: Improvement
> Components: Database Core
> Affects Versions: 1.0.2
> Reporter: Nuutti Kotivuori
> Priority: Minor
>
> CouchDB passwords are stored in a salted, hashed format of a 128-bit salt combined with the password under SHA-1. This method thwarts rainbow table attacks, but is utterly ineffective against any dictionary attacks as computing SHA-1 is very fast indeed.
> If passwords are to be stored in a non-plaintext equivalent format, the hash function needs to be a "slow" hash function. Suitable candidates for this could be bcrypt, scrypt and PBKDF2. Of the choices, only PBKDF2 is really widely used, standardized and goverment approved. (Note: don't be fooled that the PBKDF2 is a "key derivation" function - in this case, it is exactly the same thing as a slow password hash.)
> http://en.wikipedia.org/wiki/PBKDF2
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (COUCHDB-1060) CouchDB should use a secure
password hash method instead of the current one
Posted by "Nuutti Kotivuori (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COUCHDB-1060?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12991033#comment-12991033 ]
Nuutti Kotivuori commented on COUCHDB-1060:
-------------------------------------------
The issue is about using a secure hash function *if* the hash function serves a purpose at all! If it doesn't, please replace it with base64.
> CouchDB should use a secure password hash method instead of the current one
> ---------------------------------------------------------------------------
>
> Key: COUCHDB-1060
> URL: https://issues.apache.org/jira/browse/COUCHDB-1060
> Project: CouchDB
> Issue Type: Improvement
> Components: Database Core
> Affects Versions: 1.0.2
> Reporter: Nuutti Kotivuori
> Priority: Minor
>
> CouchDB passwords are stored in a salted, hashed format of a 128-bit salt combined with the password under SHA-1. This method thwarts rainbow table attacks, but is utterly ineffective against any dictionary attacks as computing SHA-1 is very fast indeed.
> If passwords are to be stored in a non-plaintext equivalent format, the hash function needs to be a "slow" hash function. Suitable candidates for this could be bcrypt, scrypt and PBKDF2. Of the choices, only PBKDF2 is really widely used, standardized and goverment approved. (Note: don't be fooled that the PBKDF2 is a "key derivation" function - in this case, it is exactly the same thing as a slow password hash.)
> http://en.wikipedia.org/wiki/PBKDF2
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (COUCHDB-1060) CouchDB should use a secure
password hash method instead of the current one
Posted by "Jan Lehnardt (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COUCHDB-1060?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jan Lehnardt updated COUCHDB-1060:
----------------------------------
Fix Version/s: (was: 1.2)
1.3
Bump to 1.3.x.
> CouchDB should use a secure password hash method instead of the current one
> ---------------------------------------------------------------------------
>
> Key: COUCHDB-1060
> URL: https://issues.apache.org/jira/browse/COUCHDB-1060
> Project: CouchDB
> Issue Type: Improvement
> Components: Database Core
> Affects Versions: 1.0.2
> Reporter: Nuutti Kotivuori
> Assignee: Robert Newson
> Priority: Minor
> Fix For: 1.3
>
> Attachments: 0001-Integrate-PBKDF2.patch, pbkdf2.erl, pbkdf2.erl
>
>
> CouchDB passwords are stored in a salted, hashed format of a 128-bit salt combined with the password under SHA-1. This method thwarts rainbow table attacks, but is utterly ineffective against any dictionary attacks as computing SHA-1 is very fast indeed.
> If passwords are to be stored in a non-plaintext equivalent format, the hash function needs to be a "slow" hash function. Suitable candidates for this could be bcrypt, scrypt and PBKDF2. Of the choices, only PBKDF2 is really widely used, standardized and goverment approved. (Note: don't be fooled that the PBKDF2 is a "key derivation" function - in this case, it is exactly the same thing as a slow password hash.)
> http://en.wikipedia.org/wiki/PBKDF2
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (COUCHDB-1060) CouchDB should use a secure
password hash method instead of the current one
Posted by "Chris Anderson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COUCHDB-1060?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13031452#comment-13031452 ]
Chris Anderson commented on COUCHDB-1060:
-----------------------------------------
The current implementation avoids a special server side API for creating documents in the _users database. Architecturally, I am fine with a special API for the user's database -- however it may make sense to keep it in the "shape" of the CouchDB API. So for instance creating a user would go through an _update function, which could compute the salt and hash, before storing in the _users db.
The alternative would be to define a custom endpoint for POST requests to create documents in the user db, and then we'd have to bike-shed and document that API.
However if someone wants to write all that code, I won't stop you. If energy is going to poured in here, the other thing we should consider is a "write-only" database mode, so that users can PUT and POST, but not GET. In this case the _update function would still be a good way to do the salt and hashing. Anyway, this is a distinct topic but related.
> CouchDB should use a secure password hash method instead of the current one
> ---------------------------------------------------------------------------
>
> Key: COUCHDB-1060
> URL: https://issues.apache.org/jira/browse/COUCHDB-1060
> Project: CouchDB
> Issue Type: Improvement
> Components: Database Core
> Affects Versions: 1.0.2
> Reporter: Nuutti Kotivuori
> Assignee: Robert Newson
> Priority: Minor
> Fix For: 1.2
>
> Attachments: pbkdf2.erl, pbkdf2.erl
>
>
> CouchDB passwords are stored in a salted, hashed format of a 128-bit salt combined with the password under SHA-1. This method thwarts rainbow table attacks, but is utterly ineffective against any dictionary attacks as computing SHA-1 is very fast indeed.
> If passwords are to be stored in a non-plaintext equivalent format, the hash function needs to be a "slow" hash function. Suitable candidates for this could be bcrypt, scrypt and PBKDF2. Of the choices, only PBKDF2 is really widely used, standardized and goverment approved. (Note: don't be fooled that the PBKDF2 is a "key derivation" function - in this case, it is exactly the same thing as a slow password hash.)
> http://en.wikipedia.org/wiki/PBKDF2
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (COUCHDB-1060) CouchDB should use a secure
password hash method instead of the current one
Posted by "Randall Leeds (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COUCHDB-1060?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12991080#comment-12991080 ]
Randall Leeds commented on COUCHDB-1060:
----------------------------------------
Whoops. Link: https://github.com/skarab/erlang-bcrypt
> CouchDB should use a secure password hash method instead of the current one
> ---------------------------------------------------------------------------
>
> Key: COUCHDB-1060
> URL: https://issues.apache.org/jira/browse/COUCHDB-1060
> Project: CouchDB
> Issue Type: Improvement
> Components: Database Core
> Affects Versions: 1.0.2
> Reporter: Nuutti Kotivuori
> Priority: Minor
>
> CouchDB passwords are stored in a salted, hashed format of a 128-bit salt combined with the password under SHA-1. This method thwarts rainbow table attacks, but is utterly ineffective against any dictionary attacks as computing SHA-1 is very fast indeed.
> If passwords are to be stored in a non-plaintext equivalent format, the hash function needs to be a "slow" hash function. Suitable candidates for this could be bcrypt, scrypt and PBKDF2. Of the choices, only PBKDF2 is really widely used, standardized and goverment approved. (Note: don't be fooled that the PBKDF2 is a "key derivation" function - in this case, it is exactly the same thing as a slow password hash.)
> http://en.wikipedia.org/wiki/PBKDF2
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (COUCHDB-1060) CouchDB should use a secure
password hash method instead of the current one
Posted by "Robert Newson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COUCHDB-1060?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12991034#comment-12991034 ]
Robert Newson commented on COUCHDB-1060:
----------------------------------------
I think the point is that our current scheme is equivalent to plaintext passwords (the work factor is simply too low to quibble over).
The overhead ought to be low enough, but we'll have to measure.
BTW: I *HATE* new Jira. They appear to have overridden common key sequences (ctrl-a takes you to a custom Administration menu up there ^^ and not beginning-of-line like normal). Plus, my goodness, it's ugly.
> CouchDB should use a secure password hash method instead of the current one
> ---------------------------------------------------------------------------
>
> Key: COUCHDB-1060
> URL: https://issues.apache.org/jira/browse/COUCHDB-1060
> Project: CouchDB
> Issue Type: Improvement
> Components: Database Core
> Affects Versions: 1.0.2
> Reporter: Nuutti Kotivuori
> Priority: Minor
>
> CouchDB passwords are stored in a salted, hashed format of a 128-bit salt combined with the password under SHA-1. This method thwarts rainbow table attacks, but is utterly ineffective against any dictionary attacks as computing SHA-1 is very fast indeed.
> If passwords are to be stored in a non-plaintext equivalent format, the hash function needs to be a "slow" hash function. Suitable candidates for this could be bcrypt, scrypt and PBKDF2. Of the choices, only PBKDF2 is really widely used, standardized and goverment approved. (Note: don't be fooled that the PBKDF2 is a "key derivation" function - in this case, it is exactly the same thing as a slow password hash.)
> http://en.wikipedia.org/wiki/PBKDF2
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (COUCHDB-1060) CouchDB should use a secure
password hash method instead of the current one
Posted by "Robert Newson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COUCHDB-1060?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12991083#comment-12991083 ]
Robert Newson commented on COUCHDB-1060:
----------------------------------------
If we're doing this, I'd much rather see PBKDF2 than bcrypt.
> CouchDB should use a secure password hash method instead of the current one
> ---------------------------------------------------------------------------
>
> Key: COUCHDB-1060
> URL: https://issues.apache.org/jira/browse/COUCHDB-1060
> Project: CouchDB
> Issue Type: Improvement
> Components: Database Core
> Affects Versions: 1.0.2
> Reporter: Nuutti Kotivuori
> Priority: Minor
>
> CouchDB passwords are stored in a salted, hashed format of a 128-bit salt combined with the password under SHA-1. This method thwarts rainbow table attacks, but is utterly ineffective against any dictionary attacks as computing SHA-1 is very fast indeed.
> If passwords are to be stored in a non-plaintext equivalent format, the hash function needs to be a "slow" hash function. Suitable candidates for this could be bcrypt, scrypt and PBKDF2. Of the choices, only PBKDF2 is really widely used, standardized and goverment approved. (Note: don't be fooled that the PBKDF2 is a "key derivation" function - in this case, it is exactly the same thing as a slow password hash.)
> http://en.wikipedia.org/wiki/PBKDF2
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira