Skip Menu |

This queue is for tickets about the Catalyst-Plugin-Authentication CPAN distribution.

Report information
The Basics
Id: 55850
Status: open
Priority: 0/
Queue: Catalyst-Plugin-Authentication
People
Owner: Nobody in particular
Requestors: perl [...] evancarroll.com
Cc:
AdminCc:
Bug Information
Severity: Important
Broken in: (no value)
Fixed in: (no value)

History Show all quoted text
  Tue Mar 23 16:15:09 2010 perl [...] evancarroll.com - Ticket created
Subject: SECURITY: Hashed password, broken implementation of salt.
The purpose of salt is to reduce the ability for a single (pre-calculated) rainbow table of passwords and hashes to compromise the whole store. If your salt isn't a random function, or specific to the user there is no benefit in the salt... This is broken implementation. Hard coding salt in a config file only protects you from a rainbow table without that salt. It still doesn't solve the problem of cached hashings. -- Evan Carroll System Lord of the Internets http://www.evancarroll.com
  Tue Mar 23 23:08:05 2010 onken [...] netcubed.de - Correspondence added
On Tue Mar 23 16:15:09 2010, ECARROLL wrote: Show quoted text
> The purpose of salt is to reduce the ability for a single
(pre-calculated) Show quoted text
> rainbow table of passwords and hashes to compromise the whole store. If > your salt isn't a random function, or specific to the user there is no > benefit in the salt... > > This is broken implementation. Hard coding salt in a config file only > protects you from a rainbow table without that salt. It still doesn't > solve the problem of cached hashings.
So use salted_hash which uses Crypt::SaltedHash. Or, set the salt to a random value on each request.
  Tue Mar 23 23:08:06 2010 The RT System itself - Status changed from 'new' to 'open'
  Tue Mar 23 23:36:37 2010 perl [...] evancarroll.com - Correspondence added
Show quoted text
> So use salted_hash which uses Crypt::SaltedHash. > Or, set the salt to a random value on each request.
I think you're missing something -- or I am. How do you propose to set it to a different value on each request if if the salt is being read from the configuration and not the call to authenticate? Should I modify the global configuration of C:P:A from the Controller? That sounds hackish. Moreover, the traditional method of salting is to store the salt in the DB? If this is used, should I retrieve the salt with the Authentication plugin's model? That would sound silly. Crypt::SaltHash makes the salt a function of the username, I haven't looked too much into the implementation but it certainly isn't the normal method of salting -- though it most probably helps some level. The obvious solution to this will be to have a `salt_field`, that when filled out retrieves the salt from the userinfo. I'll see about a patch tomorrow. -- Evan Carroll System Lord of the Internets http://www.evancarroll.com
  Wed Mar 24 01:48:16 2010 ARODLAND [...] cpan.org - Correspondence added
On Tue Mar 23 16:15:09 2010, ECARROLL wrote: Show quoted text
> The purpose of salt is to reduce the ability for a single (pre-
calculated) Show quoted text
> rainbow table of passwords and hashes to compromise the whole store.
If Show quoted text
> your salt isn't a random function, or specific to the user there is no > benefit in the salt... > > This is broken implementation. Hard coding salt in a config file only > protects you from a rainbow table without that salt. It still doesn't > solve the problem of cached hashings.
I have no idea what distribution you intended to file this bug against, but it's obviously not the one you *did* file against, which does nothing even vaguely resembling reading salt from a config file.
  Wed Mar 24 02:26:38 2010 perl [...] evancarroll.com - Correspondence added
http://search.cpan.org/src/FLORA/Catalyst-Plugin-Authentication- 0.10016/lib/Catalyst/Authentication/Credential/Password.pm I think I've got the right one... P.S. stop being an asshole, thanks. -- Evan Carroll System Lord of the Internets http://www.evancarroll.com
  Wed Mar 24 02:27:54 2010 perl [...] evancarroll.com - Correspondence added
Just to save some insincere discourse and further boring name calling: $d->add( $self->_config->{'password_pre_salt'} || '' ); $d->add($password); $d->add( $self->_config->{'password_post_salt'} || '' ); -- Evan Carroll System Lord of the Internets http://www.evancarroll.com
  Wed Mar 24 21:19:44 2010 jon [...] jrock.us - Correspondence added
Subject: Re: [rt.cpan.org #55850] SECURITY: Hashed password, broken implementation of salt.
Date: Wed, 24 Mar 2010 20:19:31 -0500
To: bug-Catalyst-Plugin-Authentication [...] rt.cpan.org
From: Jonathan Rockway <jon [...] jrock.us>
I think the solution is just to use bcrypt from Authen::Passphrase. BTW, Evan, you aren't entirely right about salts. If your salt is 2309874kjsdhflkasjdfho982374, then the attacker still have to make a new database for your site. So the security case is: 1) Your password database is compromised. 2) You used the same salt for everything. 3) Attacker calculates common passwords with your salt. 4) Accounts are compromised. If the salt is random per-password: 1) Your password database is compromised. 2) Same as above except you only try one account at the time, making the attack n-times more complicated, where n == number of accounts. If you just use bcrypt instead: 1) Your password database is compromised. 2) Each rainbow table entry takes about 3 seconds to compute. 3) Attacker types "jrockway/1l0v3hell0k1tty" at the login screen and fails. 4) Attacker gives up because bcrypt is 2^<big number> times slower than sha1, and brute-force attacks are infeasible. Everything I've read recently about passwords with Catalyst say to use bcrypt, so I am not too worried about this. Thanks for bringing this issue to our attention in the least annoying way possible, though. Regards, Jonathan Rockway -- print just => another => perl => hacker => if $,=$"
  Thu Mar 25 02:17:27 2010 perl [...] evancarroll.com - Correspondence added
Show quoted text
> If you just use bcrypt instead:
I don't know enough about Blowfish (I'm assuming that is what bcrypt is in reference to). I think what your trying to say it is computationally more complex. And, while that is certainly better so is SHA-256. The idea here in using SHA-1 is simply to make it slightly easier to authenticate other stuff against the DB. I just don't know enough about Blowfish. Even if I was using Blowfish the question would still come into play where do I store the salt? In the DB? Or, serialized with the password? I looked at Authen::Passphrase, but I didn't have enough time to read the docs, I'll have to check into it tomorrow. -- Evan Carroll System Lord of the Internets http://www.evancarroll.com