bcrypt password hash? #77

Closed
peta15 opened this Issue Jul 17, 2012 · 8 comments

4 participants

@peta15
Collaborator

Currently we use SHA512 which is excellent but a user noted that bcrypt might be even better (see http://stackoverflow.com/questions/11458969/google-app-engine-choosing-the-right-direction/11496978#11496978). @coto have you looked at bcrypt? I've seen that it is much stronger but also much slower (see http://stackoverflow.com/questions/11393564/bcrypt-in-python).

Note rather than replacing SHA512 we could add it as an option to the encrypt utility function if its an easy option.

@coto
Owner

haha funny, we want the same in this project.... yes, strongly agree.
bcrypt IMO is the best one (used by the most secure OS - openBSD)

Interesting reading http://throwingfire.com/storing-passwords-securely/

@MaikKlein

The only problem is that bcrypt has to be implemented in python which results in a security loss. (still better than sha512)

Also the whole salting+secret is wrong. I will fix this next week.

@coto
Owner

HI @kantaki you mean fix this issue with bcrypt, but you think is not the best option?

@MaikKlein

It's still better than Sha512. The problem is that (correct me if I am wrong) you can only use pure python on GAE. Probably the biggest issue atm.

You also used the salt as a secret. But salt should be generated randomly every time with the same size of the hashing algorithm, to prevent rainbow tables for example.

for example:

key="password"
secret="IAMSECRET"
salt = os.random(128).encode("base64")
hashing(key+secret+salt)

don't use os.random. Bcrypt has it's own random function, where you can define the 'log' value

You should also store the salt in a separate database.

Don't trust me blindly, I am still learning by myself.

@coto
Owner
@MaikKlein

I know that you can do this :).

The problem with python bcrypt is that python is around 10 times slower than c. That makes the python version less secure.
bcrypt has a time limited that you can add for example "take atleast 1 second". this makes it more secure to bruteforce attacks.

The problem is now if the c version takes 1 second, the python version would take 10 sec. This would be way too much.
So the python version does less computation.

Don't worry I integrate it for you, next week. -> bcrypt, salting, secret.

If you use a static salt you can be exploited though "rainbow tables" also called dictionary attacks.

@coto
Owner
@coto
Owner

PyCrypto is now supported offcially with App Engine 1.7.1 https://developers.google.com/appengine/docs/python/tools/libraries27?hl=en

@tmeryu tmeryu was assigned Sep 26, 2012
@coto coto closed this in bfc9b96 Sep 26, 2012
@tmeryu tmeryu removed their assignment Aug 11, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment