couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Filipe David Manana <>
Subject Re: Improving password hashing.
Date Wed, 06 Jul 2011 14:26:35 GMT
After looking at it more closely I have 1 observation.

The user's password can come either from the .ini file or from JSON
coming from an HTTP post (couch_httpd_auth:handle_session_req/1 for

I see that the password is passed to the new module, couch_passwords,
which will end up calling cryto:sha_mac(Password, Salt).

This concerns me because when the Password comes from the .ini config,
it is a string and when it comes from JSON it is an UTF-8 binary.
Before passing the password to crypto:sha_mac/2, I think it needs to
be converted to an UTF-8 binary, otherwise it doesn't produce the same
result as if it had came from JSON, example:

1> H1 = crypto:sha_mac("àbc", <<"123">>).
2> H2 = crypto:sha_mac(unicode:characters_to_binary("àbc"), <<"123">>).
3> H1 =:= H2.

On Wed, Jul 6, 2011 at 2:53 PM, Robert Newson <> wrote:
> Patch will be tidied to community standards before submission.
> The upgrade code is not yet written but should be straightforward.
> B.
> On 6 July 2011 14:50, Filipe David Manana <> wrote:
>> Looks good to me as well.
>> Minor nitpick, ideally it would respect our coding standard of not
>> having lines longer than 80 characters.
>> Good work Robert
>> On Wed, Jul 6, 2011 at 2:10 PM, Robert Newson <> wrote:
>>> Making it pluggable is probably not much more work but I have to point
>>> at that "use sha256" is an inadequate description of a secure password
>>> hashing protocol.
>>> B.
>>> On 6 July 2011 14:05, Benoit Chesneau <> wrote:
>>>> On Wed, Jul 6, 2011 at 2:43 PM, Robert Newson <>
>>>>> All,
>>>>> Our current password hashing scheme is weak. In fact, it's regarded as
>>>>> weak as plaintext. I'd like to change that.
>>>>> Some time ago I wrote some code to implement the PBKDF2 protocol. This
>>>>> is a cryptographically sound means of deriving a key from a password.
>>>>> The output is also usable as a password hash. An important part of the
>>>>> protocol is that the work factor can be increased by increasing the
>>>>> loop count. Additionally, it is not tied to a specific digest
>>>>> algorithm. All these points are not true of the sometimes proposed
>>>>> alternative called 'bcrypt' which I do not recommend.
>>>>> I would like this to go into CouchDB 1.2. New passwords, and updated
>>>>> passwords, from 1.2 onwards would use the new scheme, but 1.2 will,
>>>>> obviously, be able to verify the current style. This work will take
>>>>> place within couch_server where hash_admin_passwords currently lives.
>>>>> The PKBDF2 code is here:
>>>>> It passes all the test
>>>>> vectors.
>>>>> The ticket for this work is
>>>>> B.
>>>> That sounds good. I would prefer however a customizable hashing method
>>>> for passwords so we can change it easily depending the target. Some
>>>> administrations for example require that you use some methods (like
>>>> sha256 in europe) and it would be very useful.
>>>> - benoît
>> --
>> Filipe David Manana,
>> "Reasonable men adapt themselves to the world.
>>  Unreasonable men adapt the world to themselves.
>>  That's why all progress depends on unreasonable men."

Filipe David Manana,,

"Reasonable men adapt themselves to the world.
 Unreasonable men adapt the world to themselves.
 That's why all progress depends on unreasonable men."

View raw message