Incoming issue with password hashing in news.arc
2 points by akkartik 1324 days ago | 1 comment
Arc currently outsources password hashing to the openssl command.

On Ubuntu 10.04:

  $ dpkg -l |grep openssl
  ii  openssl                         0.9.8k-7ubuntu8.13
  $ echo a |openssl dgst -md5
  60b725f10c9c85c70d97880dfe8191b3

On Ubuntu 12.04:

  $ dpkg -l |grep openssl
  ii  openssl                         1.0.1-4ubuntu5.5
  $ echo a |openssl dgst -md5
  (stdin)= 60b725f10c9c85c70d97880dfe8191b3

Any suggestions on how we should deal with this? Pick a different digest implementation? Does racket provide a library for digests? Or should we do some hacky stdout munging?

Also, arc currently uses sha1, and I updated anarki to switch to sha512. This will break existing passwords.



2 points by rocketnia 1323 days ago | link

Stdout munging looks like the easiest option, really. :-p

---

"Also, arc currently uses sha1, and I updated anarki to switch to sha512. This will break existing passwords."

A way to fix this is to annotate each hash with information about which algorithm was used to make it. As users log in, hash their input both ways, and replace the stored hash on success. All of PHP's hashing functions automatically prepend algorithm information to the result, and PHP has a corresponding feature to verify that a hash (annotated with algorithm information) matches a document. PHP's format isn't very elegant, but it's the closest I've seen to a standard. (Not that I've actually seen it implemented anywhere but PHP, but that PHP developers who want to migrate to another language will end up having to parse this format from their databases and either migrate it or code to it.)

It's worth noting that one pass of sha512 isn't very secure, since the speed of the algorithm makes it easy to reverse a compromised hash by comparing it to the hash of every possible password. I'm not sure what the state of the art is, but one very common recommendation is bcrypt: http://codahale.com/how-to-safely-store-a-password/

Even Hacker News uses (or has used) bcrypt: http://news.ycombinator.com/item?id=3099372

-----
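
The stdout normalization and the rehash-on-login migration discussed in this thread, as an added Python example (not code from the thread, Arc or Anarki). Assumptions: legacy records are bare, unsalted hex digests of the password, told apart by length; PBKDF2-HMAC-SHA512 from the standard library stands in for bcrypt; the record format `pbkdf2-sha512$iters$salt$hash` and all function names are hypothetical.

```python
import hashlib, hmac, os

PBKDF2_ITERS = 200_000  # assumed work factor; tune for your hardware
TAG = "pbkdf2-sha512"   # hypothetical algorithm tag for new records

def parse_openssl_digest(line):
    """Accept both 'HEX' (openssl 0.9.8k) and '(stdin)= HEX' (openssl 1.0.1)."""
    return line.strip().rpartition("= ")[2]

def _pbkdf2(password, salt, iters):
    return hashlib.pbkdf2_hmac("sha512", password.encode(), salt, iters).hex()

def make_record(password):
    """Build a tagged record: 'pbkdf2-sha512$iters$salt$hash'."""
    salt = os.urandom(16)
    return "$".join([TAG, str(PBKDF2_ITERS), salt.hex(),
                     _pbkdf2(password, salt, PBKDF2_ITERS)])

def _recompute(record, password):
    """Rebuild the record from the candidate password, using the stored scheme."""
    if "$" not in record:  # untagged legacy record: infer algorithm from length
        algo = {40: "sha1", 128: "sha512"}.get(len(record))
        return hashlib.new(algo, password.encode()).hexdigest() if algo else None
    try:
        tag, iters, salt, _ = record.split("$")
        if tag != TAG:
            return None
        return "$".join([tag, iters, salt,
                         _pbkdf2(password, bytes.fromhex(salt), int(iters))])
    except ValueError:     # malformed record: wrong field count or bad hex/int
        return None

def login(store, user, password):
    """Verify the password; on success, upgrade any record not in current form."""
    record = store.get(user)
    if record is None:
        return False
    expected = _recompute(record, password)
    if expected is None or not hmac.compare_digest(expected, record):
        return False
    if not record.startswith("%s$%d$" % (TAG, PBKDF2_ITERS)):
        store[user] = make_record(password)  # rehash while the plaintext is in hand
    return True
```

Accounts that never log in again keep their fast legacy hash, so a deployment would also need a cutoff after which untagged records are expired or forced through a reset.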