Return-Path: X-Original-To: apmail-couchdb-dev-archive@www.apache.org Delivered-To: apmail-couchdb-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id E61B262B2 for ; Wed, 6 Jul 2011 13:50:43 +0000 (UTC) Received: (qmail 69154 invoked by uid 500); 6 Jul 2011 13:50:43 -0000 Delivered-To: apmail-couchdb-dev-archive@couchdb.apache.org Received: (qmail 69109 invoked by uid 500); 6 Jul 2011 13:50:42 -0000 Mailing-List: contact dev-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@couchdb.apache.org Delivered-To: mailing list dev@couchdb.apache.org Received: (qmail 69101 invoked by uid 99); 6 Jul 2011 13:50:42 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 06 Jul 2011 13:50:42 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,SPF_PASS,T_TO_NO_BRKTS_FREEMAIL X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of fdmanana@gmail.com designates 74.125.83.180 as permitted sender) Received: from [74.125.83.180] (HELO mail-pv0-f180.google.com) (74.125.83.180) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 06 Jul 2011 13:50:36 +0000 Received: by pvc21 with SMTP id 21so10283800pvc.11 for ; Wed, 06 Jul 2011 06:50:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type :content-transfer-encoding; bh=a00HHYULo7mzkAH3VhXnaGeh3jmPJIiHld+fWfYZo4w=; b=YBHo+WYY+uMmnQhic/s9ncBHPvDpuipUK3gDEOlj3lVgYelIE5JonnWQIUkY/NJ3SU IQWlR4/SkUaE2J2yFbke7L+uCnzV3+qFkF003Z9aGFg/ahbIk78QD3Zjf7rqN4g4xoaQ 6XY+GWeePxDJjKpgSz0lcHCE/NXLWcdAUi56c= MIME-Version: 1.0 Received: by 10.68.17.102 with SMTP id n6mr10171122pbd.419.1309960214752; Wed, 06 Jul 2011 06:50:14 -0700 (PDT) Sender: fdmanana@gmail.com Received: by 10.68.51.99 with HTTP; Wed, 6 Jul 2011 06:50:14 -0700 (PDT) In-Reply-To: References: Date: Wed, 6 Jul 2011 14:50:14 +0100 X-Google-Sender-Auth: nF1wN0Mp22LI7GsU1vLHyoRTmCY Message-ID: Subject: Re: Improving password hashing. From: Filipe David Manana To: dev@couchdb.apache.org Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Virus-Checked: Checked by ClamAV on apache.org Looks good to me as well. Minor nitpick, ideally it would respect our coding standard of not having lines longer than 80 characters. Good work Robert On Wed, Jul 6, 2011 at 2:10 PM, Robert Newson wrote: > Making it pluggable is probably not much more work but I have to point > at that "use sha256" is an inadequate description of a secure password > hashing protocol. > > B. > > On 6 July 2011 14:05, Benoit Chesneau wrote: >> On Wed, Jul 6, 2011 at 2:43 PM, Robert Newson wrote= : >>> All, >>> >>> Our current password hashing scheme is weak. In fact, it's regarded as >>> weak as plaintext. I'd like to change that. >>> >>> Some time ago I wrote some code to implement the PBKDF2 protocol. This >>> is a cryptographically sound means of deriving a key from a password. >>> The output is also usable as a password hash. An important part of the >>> protocol is that the work factor can be increased by increasing the >>> loop count. Additionally, it is not tied to a specific digest >>> algorithm. All these points are not true of the sometimes proposed >>> alternative called 'bcrypt' which I do not recommend. >>> >>> I would like this to go into CouchDB 1.2. New passwords, and updated >>> passwords, from 1.2 onwards would use the new scheme, but 1.2 will, >>> obviously, be able to verify the current style. This work will take >>> place within couch_server where hash_admin_passwords currently lives. >>> >>> The PKBDF2 code is here: >>> https://github.com/rnewson/couchdb/tree/pbkdf2. It passes all the test >>> vectors. >>> >>> The ticket for this work is https://issues.apache.org/jira/browse/COUCH= DB-1060 >>> >>> B. >>> >> That sounds good. I would prefer however a customizable hashing method >> for passwords so we can change it easily depending the target. Some >> administrations for example require that you use some methods (like >> sha256 in europe) and it would be very useful. >> >> - beno=C3=AEt >> > --=20 Filipe David Manana, fdmanana@gmail.com, fdmanana@apache.org "Reasonable men adapt themselves to the world. =C2=A0Unreasonable men adapt the world to themselves. =C2=A0That's why all progress depends on unreasonable men."