Forum OpenACS Q&A: Re: Usage of SHA-1 in OpenACS

Posted by Gustaf Neumann on
The general question is quite wide; there are usages where sha1 (and md5) are perfectly fine, but other cases where it should not be used. The usage of sha1 and md5 is strongly discouraged for certificates - but this happens under the hood, when connecting to OpenACS via HTTPS.

The main problem with early-days hash algorithms came with the advent of using GPUs for computing hashes; it is actually not recommended anymore to use salted passwords with any kind of SHA* algorithm, since computing these hashes became too fast. An attacker with a standard GPU (video card) can compute billions of hashes per second and try these. So, newer algorithms were developed to actually slow hash computation (and therefore password computation) to make it either CPU-hard or memory-hard (or both).

When NaviServer is compiled with a recent version of OpenSSL (alpha releases of OpenSSL 3.0), it supports scrypt [1], one of the recommended algorithms (RFC 7914), which is a modern replacement for crypt and bcrypt. There is as well a PR for Argon2 for OpenSSL, but that will come after the release of OpenSSL 3.

So, these good new hash algorithms can already be used in OpenACS when compiled with recent versions of NaviServer (4.99.19, released Jan 2020) and OpenSSL. The main work for using these algorithms for password protection in general OpenACS is to manage existing user accounts, since users with "old" hash computations have to be converted to the new algorithms, which can't be done without knowing the password (so the user has to log in). So, in essence, one has to extend the data model to support many algorithms at the same time and to migrate the passwords gradually, while these are in use. No rocket science, but some work.

If you just need newer hash algorithms, use "ns_md" in NaviServer, which currently supports not only sha1, but as well the following message digest algorithms:

blake2b512 blake2s256 md4 md5 md5-sha1 mdc2 ripemd160 sha1 sha224 sha256 sha3-224 sha3-256 sha3-384 sha3-512 sha384 sha512 sha512-224 sha512-256 shake128 shake256 sm3 whirlpool

Hope this helps. ... but I have the feeling the question was not asked out of curiosity.
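
The gradual migration described in the post above, as an added example that is not part of the original post and not OpenACS or NaviServer code. It is written in Python with `hashlib.scrypt`; the record layout, the `salted-sha1` legacy scheme, the function names and the scrypt cost parameters are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumed scrypt cost parameters; tune them for the deployment's hardware.
SCRYPT = dict(n=2**14, r=8, p=1, maxmem=64 * 1024 * 1024, dklen=32)

def legacy_sha1(password: str, salt: bytes) -> bytes:
    # Assumed legacy scheme: one SHA-1 pass over password followed by salt.
    return hashlib.sha1(password.encode() + salt).digest()

def scrypt_hash(password: str, salt: bytes) -> bytes:
    return hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)

# The data model stores the algorithm name next to salt and hash,
# so several algorithms can coexist while accounts are migrated.
VERIFIERS = {"salted-sha1": legacy_sha1, "scrypt": scrypt_hash}
PREFERRED = "scrypt"

def new_record(password: str, algorithm: str = PREFERRED) -> dict:
    salt = os.urandom(16)
    return {"algorithm": algorithm, "salt": salt,
            "hash": VERIFIERS[algorithm](password, salt)}

def login(users: dict, name: str, password: str) -> bool:
    """Return True on a correct password; upgrade a legacy record in place."""
    rec = users.get(name)
    if rec is None or rec["algorithm"] not in VERIFIERS:
        return False
    candidate = VERIFIERS[rec["algorithm"]](password, rec["salt"])
    if not hmac.compare_digest(candidate, rec["hash"]):
        return False
    if rec["algorithm"] != PREFERRED:
        # The cleartext password is only available at this moment,
        # so re-hash it now with the preferred algorithm and a fresh salt.
        users[name] = new_record(password)
    return True

def pending_migration(users: dict) -> list:
    # Accounts that have not logged in since the switch.
    return sorted(n for n, r in users.items() if r["algorithm"] != PREFERRED)

if __name__ == "__main__":
    # Constructed sample accounts, both still on the legacy scheme.
    users = {"alice": new_record("pw-alice", "salted-sha1"),
             "bob": new_record("pw-bob", "salted-sha1")}
    print(login(users, "alice", "pw-alice"), pending_migration(users))
```

Accounts that never log in again stay on the legacy hash, so `pending_migration` is the list to review when deciding whether to force a password reset.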