traits icon indicating copy to clipboard operation
traits copied to clipboard

Published 20 hours ago verified publisher icon RustCrypto

Password rehashing

Open LukeMathWalker opened this issue 3 years ago • 2 comments

I have been recently writing about password hashing in Rust and password-hash has been a great building block. There is one use-case, though, that I haven't quite figured out yet how to pull off: password rehashing.

Simplest scenario: we have a bunch of hashes stored in a database, in PHC string format. We change the set of algorithm parameters to make hashing slower - every time an old user logs in we want to rehash its password using the newest set of params.

How do we go about it?

I'd try with something like this:

  • Deserialize the stored hash into a PasswordHash struct
  • (???) Get an instance of Params from ParamsString
  • Compare the restored Params to the current Params. If different, rehash.

Looking at the API, it doesn't seem like step 2. is supported. Is there a simpler approach that I am not seeing?

LukeMathWalker avatar Sep 04 '21 08:09 LukeMathWalker

Classic - you write the issue and then find the solution: https://docs.rs/argon2/0.3.0/src/argon2/params.rs.html#320-339 There is a TryFrom implementation for Params from ParamsString when using the concrete algorithm crates.

I wonder if a more high-level API for password rehashing would be beneficial? Especially when having to migrate from a hashing algorithm to another, rather than changing parameters for the same one.

LukeMathWalker avatar Sep 04 '21 08:09 LukeMathWalker

It's a somewhat complex topic, especially as password-hash is designed to support multiple algorithms:

https://users.rust-lang.org/t/announcing-the-password-hash-crate/55383

...so it would be nice if this feature could "upgrade" password hash algorithms too.

There are also a couple schools of thought on this topic. One is a "lazy" approach which upgrades passwords as users login. Another is an "onion" approach where the old password hash is used as an input to a newer, more secure hash. In fact the latter is very common and perhaps more popular than the former, most likely because it can be performed eagerly across entire user databases without users having to login to perform the upgrade.

tarcieri avatar Sep 05 '21 13:09 tarcieri

I wonder if a more high-level API for password rehashing would be beneficial?

This issue is more or less "solved" in the password-auth crate which provides a higher-level API for password hashing in general.

It provides an is_hash_obsolete function which can be used to decide if the password should be rehashed, and supports either eager or lazy rehashing as I described above.

tarcieri avatar Nov 17 '23 18:11 tarcieri