scuffle icon indicating copy to clipboard operation
scuffle copied to clipboard

Published 20 hours ago verified publisher icon ScuffleTV

Password security: algo, strength, managment, etc

Open IS2511 opened this issue 2 years ago • 2 comments
trafficstars

Collecting here all the info about passwords and how we manage them. This should be closed when we are satisfied with our level of password security and management procedures.

This is a collection from 3 posts by me:

I'll only combine all of them in this initial text.

About password algorithms

AFAIK "argon2 + salt + pepper" is the last word in password hashing. bcrypt is practically legacy by now. Giving it a quick search just[^1] in[^2] case[^3], I see no problems. I would encourage to read the OWASP cheatsheet[^1] in particular.

If we really want to get into it, we could try to follow NIST guidelines[^4]. Document B says you SHOULD salt and lists a few recommended options for hashing:

Examples of suitable key derivation functions include Password-based Key Derivation Function 2 (PBKDF2) [SP 800-132] and Balloon [BALLOON]. A memory-hard function SHOULD be used because it increases the cost of an attack. The key derivation function SHALL use an approved one-way function such as Keyed Hash Message Authentication Code (HMAC) [FIPS 198-1], any approved hash function in SP 800-107, Secure Hash Algorithm 3 (SHA-3) [FIPS 202], CMAC [SP 800-38B] or Keccak Message Authentication Code (KMAC), Customizable SHAKE (cSHAKE), or ParallelHash [SP 800-185].

But if we don't need FIPS-140[^5] compliance, I don't think we need to strictly follow that.

About password strength

About proper passwords and stuff, I think we should research this later and come up with a better algo to determine the strength of a password. 8+ chars and at least one uppercase+digit+special is ok, but I want to accommodate for more diverse password styles. Like long_phrase_passwords with no digits or uppercase letters, etc. As some inspiration, take a look at password entropy with https://xkpasswd.net/s/ Some^6 more^7 inspiration^8. Especially the first^6 one.

funny and true (spoiler)

xkcd comic 936. password strength

About password peppering

Consider adding peppering. Since argon2 (as an algo) even supports it with it's "secret"^9, and argon2 (the lib) implements it[^10]. Notes on how to properly do peppering from OWASP Password Cheat Sheet[^11], my beloved.

Also check out counter-points to pepper[^12] (and the two[^13] links[^14] from that answer are also interesting), even if most of them don't apply to our case because we are using argon2 as intended, it has the "secret" param for a reason. However, secret rotation should be considered, as OWASP[^11] also mentions.

[^1]: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html (archived 2023-03-03) [^2]: https://developer.okta.com/blog/2019/07/29/hashing-techniques-for-password-storage [^3]: https://codesigningstore.com/what-is-the-best-hashing-algorithm (archived 2023-03-03) [^4]: https://pages.nist.gov/800-63-3/ [^5]: https://en.wikipedia.org/wiki/FIPS_140

[^10]: https://docs.rs/argon2/0.5.0/argon2/struct.Argon2.html (method) [^11]: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#peppering [^12]: https://stackoverflow.com/a/16896216 [^13]: https://stackoverflow.com/a/16597402 [^14]: http://blog.ircmaxell.com/2012/04/properly-salting-passwords-case-against.html

Participation

  • [ ] I am willing to submit a pull request to implement this

Disclaimer

  • [X] I agree

IS2511 avatar Mar 06 '23 13:03 IS2511

Peppering is annoying to work with and also does not really do much. Since peppering means we have to introduce state (we have to store the pepper) and if an attacker somehow manages to breach into our system, its very likely that they will have the pepper too.

Originally posted by @TroyKomodo in https://github.com/ScuffleTV/scuffle/pull/63#discussion_r1126563003

It just becomes annoying to work with since we then have to know about the pepper here. perhaps we can add it but I am not sure if it actually does anything extra. Argon2 is already impossible to crack using any means, adding peppering means we have to keep track of a state all for it to be impossible * 2?

Originally posted by @TroyKomodo in https://github.com/ScuffleTV/scuffle/pull/63#discussion_r1126565693

IS2511 avatar Mar 06 '23 15:03 IS2511

Is this issue superseded by #176 @IS2511 ?

TroyKomodo avatar Jan 02 '24 03:01 TroyKomodo