Forum OpenACS Development: How to securely store your passwords

Greetings to all,

Not sure how openacs stores passwords these days. Does it still use sha1 with a salt?

"In this context, secure hashing functions like SHA have a critical flaw for password hashing: they are designed to be fast. A modern commodity CPU can generate millions of SHA256 hashes per second. Specialized GPU clusters allow for calculating hashes at a rate of billions per second."

That is from an article by Dropbox: How Dropbox securely stores your passwords.

If openacs is still using sha1 (or any sha2 hashing function), it can be migrated to use bcrypt as in the article by dropbox i.e. apply bcrypt on top of the generated hash.

Here is the git repo for bcrypt-tcl:

Linux and macOS are supported.

Any and all feedback is welcome.

PS. I understand that the trend is to use oauth2 to outsource identity management but since openacs still has passwords it might as well store them securely.

Posted by Gustaf Neumann on
Hi Neophytos,

Not sure how openacs stores passwords these days

Current OpenACS currently supports the following methods:
* scram-sha-256
* scrypt-16384-8-1
* salted-sha1

Upgrading can be performed via changing the kernel parameter. The method scram-sha-256 is defined in RFC 7677 and is e.g. the recommended password hash function for newer versions of PostgreSQL.

scrypt is newer than bcrypt and supports parameterization to further harden against attacks.

When NaviServer is complied with OpenSSL 3.2 or newer [2], Argon2 is supported as well. Argon2 is a key derivation function that was selected as the winner of the 2015 Password Hashing Competition, defined by RFC 9106 (2021) - and also mentioned as the first choice of the (somewhat outdated) dropbox article.



Posted by Neophytos Demetriou on
Thanks Gustaf. One thing I like about bcrypt is that there is one variable, the work factor. 10-12 is a good value and you can increase it linearly. I am looking at argon2 from your commit and it requires: memcost, lanes, threads, and so on. You have to be a scientist to use it.

        set r [::ns_crypto::argon2 -variant argon2id \
                   -password "1234567890" \
                   -salt "saltsaltsaltsalt" \
                   -memcost 12288 \
                   -lanes 1 \
                   -iter 3 \
                   -threads 1 \
                   -outlen 16]

Yup, argon2 won that competition but I like bcrypt's simplicity.

Posted by Gustaf Neumann on
You have to be a scientist to use it.

No, systems provide already proper parameterizations, which are provided as recommendations from scientists. The same thing is true for scrypt. Parameterization is usually seen as an advantage of scrypt and argon2 over bcrypt.

Posted by Neophytos Demetriou on
Not sure I agree. I am working on tink-tcl these days and I came across this presentation that I agree with:

In short:

* cryptography is useful but often difficult to use correctly

* complex APIs need-in-depth expertise to be used safely

* focus of non-crypto developers is usually not on crypto

* simple mistakes can have serious consequences