ASVS icon indicating copy to clipboard operation
ASVS copied to clipboard

Published 20 hours ago verified publisher icon OWASP

2.7.5 is a security problem and weakness

Open jmanico opened this issue 1 year ago • 9 comments

This requirement is a security weakness.

2.7.5 Verify that the out of band verifier retains only a hashed version of the authentication code.

Even 8 numerical digits when hashed are discoverable via rainbow tables.

I suggest we change this to:

2.7.5 Verify that the out of band verifier retains only a hashed version of the authentication code using password storage algorithms such as Argon2id.

jmanico avatar Dec 18 '23 14:12 jmanico

We have separate requirement for password storage:

# Description L1 L2 L3 CWE NIST §
2.4.1 [MODIFIED] Verify that one of the following password hashing functions is used when storing the user's password for the application: argon2id, scrypt, bcrypt or PBKDF2. (C6) 916 5.1.1.2

Do we want to have hashing requirements separately for "usual password" and "out of band verifier" (and also for "lookup secrets")? My question (and a bit recommendation is) - can we move/merge hashing part from those requirements to 2.4.1?

# Description L1 L2 L3 CWE NIST §
2.6.2 [MODIFIED, SPLIT TO 2.6.4] Verify that lookup secrets stored at the back-end with less than 112 bits of entropy (19 random alphanumeric characters or 34 random digits) are hashed with an approved password storage hashing algorithm that incorporates a 32-bit random salt. A standard hash function can be used if the secret has 112 bits of entropy or more. 330 5.1.2.2
2.7.5 Verify that the out of band verifier retains only a hashed version of the authentication code. 256 5.1.3.2

elarlang avatar Dec 19 '23 07:12 elarlang

I like the idea of combining these. Perhaps:

[MODIFIED] Verify that the application employs one of the following robust password hashing functions for securely storing secrets requiring verification. This includes user passwords, lookup secrets, out-of-band verifiers, and similar entities. The recommended hashing functions are argon2id, scrypt, bcrypt, or PBKDF2.

jmanico avatar Dec 19 '23 09:12 jmanico

Feels a bit wordy AI output for me.

What do you think about direction like:

Verify that argon2id, scrypt, bcrypt, or PBKDF2 password hashing function is used when storing the user's password for the application, including out-of-band verifier and lookup secrets.

elarlang avatar Dec 20 '23 06:12 elarlang

I like your requirement text better let’s do this.

jmanico avatar Dec 20 '23 10:12 jmanico

Anything to keep from current 2.6.2 and 2.7.5?

elarlang avatar Dec 20 '23 11:12 elarlang

@jmanico - should we keep anything from the current 2.6.2 and 2.7.5?

@tghosth - what do you think about it?

elarlang avatar Dec 31 '23 11:12 elarlang

Is there a way we can centralize the list of password storage algorithms and have other requirements point to it?

Otherwise is looks good to me.

jmanico avatar Dec 31 '23 16:12 jmanico

This is one of those NIST requirements that hurts my head to read and to be honest I think that it has been misinterpreted.

The NIST requirement talks about an identifying key and an authentication secret. It talks about hashing the former and it talks about the latter having at least 20 bits of entropy.

I think this is one of those sections that is going to need some sort of simplification to be usable so I would suggest either deleting this requirement or leaving this issue open for when someone does the V2 rewrite.

tghosth avatar Jan 23 '24 16:01 tghosth

My only point here is that secrets that only need to be verified (and not reversed) should use a password hash, not a normal hash (message integrity code).

jmanico avatar Jun 06 '24 10:06 jmanico

I propose deleting this as insufficient impact, I don't think this temporary code is important enough or long lived enough for me to care how it is stored.

tghosth avatar Nov 05 '24 22:11 tghosth