- Improvement
- Resolution: Fixed
- Minor
- Future Dev
- MOODLE_403_STABLE
- master_
- MDL-67390
- 2
- Team Hedgehog 2023 Review 2, Team Hedgehog 2023 Sprint 3.1
This is broadly very similar to MDL-36057, where we updated from md5 to password_hash(), which uses bcrypt (Blowfish). Here we want to upgrade from Blowfish to something more modern and approved by various government agencies, e.g. SHA-256, SHA-384 or SHA-512:
"The only approved hashing algorithm is Secure Hashing Algorithm 2 (SHA-2)." - https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/ism/cyber-security-guidelines/guidelines-cryptography
"NIST recommends that federal agencies transition away from SHA-1 for all applications as soon as possible. Federal agencies should use SHA-2 or SHA-3 as an alternative to SHA-1." - https://csrc.nist.gov/Projects/Hash-Functions/NIST-Policy-on-Hash-Functions
Also, as part of this, we should update the password history tracking so that it either uses the same more secure hash or treats this more as a checksum than a hash, as we only need to look for collisions and a false positive here doesn't matter (unlike a real password check). https://github.com/moodle/moodle/blob/master/user/lib.php#L1011-L1024
In terms of hashing performance, test runs were conducted using SHA256 and SHA512 and compared against the current bcrypt method. For the SHA2 class of algorithms, a new random salt was generated for each hash (as it would be for a password hashing process). The results show that SHA2 is much faster than bcrypt, with a negligible difference in calculation time between SHA256 and SHA512:
Generating 1000 hashes using bcrypt...
  Cost: 4, Time: 1.1055860519409 seconds
  Cost: 10, Time: 72.641986131668 seconds
Generating 1000 hashes using SHA256...
  Rounds: 5000, Time: 4.1576209068298 seconds
  Rounds: 10000, Time: 8.0215101242065 seconds
Generating 1000 hashes using SHA512...
  Rounds: 5000, Time: 4.2004630565643 seconds
  Rounds: 10000, Time: 8.4337508678436 seconds
Approach for new hashing:
- Enforce SHA512 as the new algorithm and upgrade bcrypt hashes on login (lazy upgrade).
- Deprecate MD5 support completely and remove it. We're now past "lazy upgrading" of legacy MD5-based hashes.
- Remove the checks and code to upgrade md5 passwords on login (users with md5 hashed passwords will no longer be able to log in without resetting their password).
- On upgrade, set all md5 hashed passwords to a new random password using the new hash method (to get rid of insecure hashes in the db).
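The lazy-upgrade flow from the approach above, sketched in PHP as an added example (this is not Moodle's code). The function names, the 32-hex-character test for legacy MD5 values and the rounds value of 10000 are assumptions made for illustration.

```php
<?php
// Added example, not Moodle's code: names and the rounds value are assumptions.
const SHA512_ROUNDS = 10000; // assumed cost, one of the benchmarked settings

/** Hash with SHA-512 crypt ("$6$") using a fresh random salt per password. */
function hash_sha512(string $password): string {
    // 12 random bytes give 16 base64 characters; map '+' into crypt's alphabet.
    $salt = strtr(base64_encode(random_bytes(12)), '+', '.');
    $hash = crypt($password, '$6$rounds=' . SHA512_ROUNDS . '$' . $salt . '$');
    if (!str_starts_with($hash, '$6$')) { // crypt() signals failure with "*0"/"*1"
        throw new RuntimeException('SHA-512 crypt is not available');
    }
    return $hash;
}

/** True when the stored hash is not SHA-512 crypt at the current cost. */
function needs_upgrade(string $stored): bool {
    return !str_starts_with($stored, '$6$rounds=' . SHA512_ROUNDS . '$');
}

/**
 * Check a login attempt. On success an outdated hash in $stored is replaced;
 * the caller persists it. Legacy MD5 hashes are refused, never upgraded.
 */
function verify_and_upgrade(string $password, string &$stored): bool {
    if (preg_match('/^[0-9a-f]{32}$/i', $stored)) {
        return false; // assumed MD5 format: 32 hex chars; user must reset
    }
    // password_verify() accepts any crypt()-format hash, so one call covers
    // both bcrypt ("$2y$") and SHA-512 crypt ("$6$"), compared in constant time.
    if (!password_verify($password, $stored)) {
        return false;
    }
    if (needs_upgrade($stored)) {
        $stored = hash_sha512($password); // plaintext is only available here
    }
    return true;
}

// Constructed sample account that still holds a bcrypt hash.
$stored = password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => 10]);
var_dump(verify_and_upgrade('wrong guess', $stored));   // failed login attempt
var_dump(verify_and_upgrade('correct horse', $stored)); // login that upgrades
var_dump(needs_upgrade($stored));                       // state after the upgrade
$legacy = md5('correct horse');                         // constructed MD5-era value
var_dump(verify_and_upgrade('correct horse', $legacy)); // legacy hash is refused
```

The upgrade can only happen inside the login path because that is the one moment the plaintext password is available to re-hash.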
- blocks
  - MDL-79134 Backup: Deprecate MD5 for included user passwords (Closed)
  - MDL-67774 Specify password peppers in config.php (Closed)
- caused a regression
  - MDL-79565 An error occurs because the query uses the SQL command LENGTH() instead of sql_length() (Closed)
  - MDL-80064 Null Passwords No Longer Allowed for Auth Plugin User Creation? (Closed)
- has been marked as being related by
  - MDL-65818 Provide admin setting type for secure data (passwords/tokens) (Closed)
  - MDL-78698 Deprecate random_bytes_emulate function (Closed)