Opened 10 years ago
Closed 14 months ago
#10813 closed enhancement (invalid)
[with patch] Secure password hashing in Sage notebook
| Reported by: | jjh | Owned by: | jason, mpatel, was |
|---|---|---|---|
| Priority: | minor | Milestone: | sage-duplicate/invalid/wontfix |
| Component: | notebook | Keywords: | |
| Cc: | kcrisman, jhpalmieri | Merged in: | |
| Authors: | Jonathan Hunt | Reviewers: | |
| Report Upstream: | N/A | Work issues: | |
| Branch: | Commit: | ||
| Dependencies: | Stopgaps: |
Status badges
Description
I recently noticed that when creating passwords for the Sage notebook they are hashed using the Unix crypt function and with a constant salt (hardcoded). This is unsecure for several reasons. Many implementations of crypt use partially-broken hash functions (such as md5) and the use of a constant salt accentuates this problem because it means that the salt is the same for every password. Exploits on these flawed hash functions are becoming increasingly practical.
It may be argued that Sage notebook is not designed to be ultra-secure. However, many people re-use passwords and so they may be exposing their password details for more important systems. It seems ironic that a maths package with a focus of number theory should use poor-quality cryptography functions.
The patch below modifies the Sage notebook user.py to use a standard of password generation known as PBKDF2. I used a freely-available python implementation and modified it in two ways. Firstly, I modified the password hashing to use SHA512 rather than SHA1 since if we're going to be secure we may as well be as secure as possible. Additionally, I modified the library so that if passed a salt it doesn't recognise it falls back to the Unix crypt library. This means it can be used as a drop-in replacement for crypt and old passwords will continue to work. When users update their passwords (or new users are created) they will now be stored significantly more safely with an independent random hash for each password.
This patch adds one new python file pbkdf2m.py and makes a few modifications to user.py to use the new hashing functions. Additionally, some doctests in notebook.py dependended on the implementation of the hash function so I modified them. No new external dependencies are created (everything is pure python libraries).
An additional advantage is that the password hashes are now system independent, so that if someone wanted to transfer the list of users between machines the password hashes will continue to work even if the system crypt function is changed (as some Linux distribution have done).
I am not a crytography expert so if someone wiser wanted to take a look over the code that wouldn't hurt at all (I am reasonably confident that, at a minimum, this patch is no less secure than the crypt function with constant salt).
Attachments (1)
Change History (5)
Changed 10 years ago by
comment:1 Changed 10 years ago by
- Summary changed from Secure password hashing in Sage notebook to [with patch] Secure password hashing in Sage notebook
comment:2 Changed 14 months ago by
- Cc kcrisman jhpalmieri added
- Milestone set to sage-duplicate/invalid/wontfix
- Status changed from new to needs_review
comment:3 Changed 14 months ago by
- Status changed from needs_review to positive_review
comment:4 Changed 14 months ago by
- Resolution set to invalid
- Status changed from positive_review to closed
thx
ancient ticket about deprecated sagenb, can we close ?