Replace password encryption SHA-1 by SHA-512


Replace password encryption SHA-1 by SHA-512

Jacques Le Roux
Administrator
Hi,

At https://issues.apache.org/jira/browse/OFBIZ-8537 Junyuan has contributed a new PBKDF2_SHA* one-way encryption for passwords.

At http://svn.apache.org/viewvc?rev=1772589&view=rev Jinghai has committed it. I made a few remarks on this commit; one of these comments was also discussed in the Jira by Pierre and Michael. It's about using PBKDF2 OOTB.

After reading https://cryptosense.com/parameter-choice-for-pbkdf2/ I think we should replace our current SHA1 default implementation by SHA-512 and increase PBKDF2_ITERATIONS to 10 000.

We should also provide new PBKDF2_SHA1 password data.

As suggested by the article above, another step would be to use Argon https://password-hashing.net/

What do you think?

Jacques


Re: Replace password encryption SHA-1 by SHA-512

Shi Jinghai-3
Hi Jacques,

Personally I'd prefer PBKDF2 rather than Argon, because the encrypt of PBKDF2 is done by JDK, I don't know whether Argon has been supported by JDK.

Kind Regards,

Shi Jinghai

-----Original Message-----
From: Jacques Le Roux [mailto:[hidden email]]
Sent: December 5, 2016 22:24
To: [hidden email]
Cc: gregory draperi
Subject: Replace password encryption SHA-1 by SHA-512

Hi,

At https://issues.apache.org/jira/browse/OFBIZ-8537 Junyuan has contributed a new PBKDF2_SHA* one-way encryption for passwords.

At http://svn.apache.org/viewvc?rev=1772589&view=rev Jinghai has committed it. I made a few remarks on this commit; one of these comments was also discussed in the Jira by Pierre and Michael. It's about using PBKDF2 OOTB.

After reading https://cryptosense.com/parameter-choice-for-pbkdf2/ I think we should replace our current SHA1 default implementation by SHA-512 and increase PBKDF2_ITERATIONS to 10 000.

We should also provide new PBKDF2_SHA1 password data.

As suggested by the article above, another step would be to use Argon https://password-hashing.net/

What do you think?

Jacques


Re: Replace password encryption SHA-1 by SHA-512

Jacques Le Roux
Administrator
Thanks Jinghai, indeed Argon does not seem to be implemented in available JDKs, maybe later...

Jacques


On 05/12/2016 at 15:48, Shi Jinghai wrote:

> Hi Jacques,
>
> Personally I'd prefer PBKDF2 rather than Argon, because the encrypt of PBKDF2 is done by JDK, I don't know whether Argon has been supported by JDK.
>
> Kind Regards,
>
> Shi Jinghai

Re: Replace password encryption SHA-1 by SHA-512

Jacques Le Roux
Administrator
OK, nobody expressed a concern so I'll apply a lazy consensus and implement "SHA-512 and increase PBKDF2_ITERATIONS to 10 000"

Else please express your concern now before I create a Jira for that

Thanks

Jacques


On 05/12/2016 at 16:38, Jacques Le Roux wrote:

> Thanks Jinghai, indeed Argon does not seem to be implemented in available JDKs, maybe later...
>
> Jacques

Re: Replace password encryption SHA-1 by SHA-512

Michael Brohl-3
Jacques,

I have no time to think about it more so I would prefer to create a
Jira, provide a patch and wait a few days for people to review.

I see no need to hurry with this issue.

Thanks,

Michael


On 08.12.16 at 10:01, Jacques Le Roux wrote:

> OK, nobody expressed a concern so I'll apply a lazy consensus and
> implement "SHA-512 and increase PBKDF2_ITERATIONS to 10 000"
>
> Else please express your concern now before I create a Jira for that
>
> Thanks
>
> Jacques

Re: Replace password encryption SHA-1 by SHA-512

Hans Bakker
What is the impact?

if people have to re-enter the password then it is not acceptable.

it should be backwards compatible.

Regards,
Hans

On 08/12/16 16:33, Michael Brohl wrote:

> Jacques,
>
> I have no time to think about it more so I would prefer to create a
> Jira, provide a patch and wait a few days for people to review.
>
> I see no need to hurry with this issue.
>
> Thanks,
>
> Michael

--

Regards,

Hans Bakker
CEO, http://antwebsystems.com
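
One way to meet the backward-compatibility requirement raised above without anyone re-entering a password, as an added example that is not OFBiz code: tag each stored hash with its scheme, verify with that scheme, and re-hash with PBKDF2-HMAC-SHA-512 at 10 000 iterations on the next successful login. The class name, the `$`-separated storage layout and the salt-then-password SHA-1 construction are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added example, not OFBiz code. The stored-value layout is hypothetical:
//   SHA1$<salt>$<hash>                         legacy salted SHA-1
//   PBKDF2-SHA512$<iterations>$<salt>$<hash>   new default
// Salt and hash are Base64; '$' never appears in Base64, so it is a safe separator.
public class PasswordUpgradeDemo {
    static final String LEGACY = "SHA1";
    static final String CURRENT = "PBKDF2-SHA512";
    static final int ITERATIONS = 10_000; // figure proposed in the thread
    static final int SALT_BYTES = 16;
    static final int KEY_BITS = 512;
    static final SecureRandom RNG = new SecureRandom();

    // Legacy scheme (assumed construction): a single SHA-1 pass over salt || password.
    static byte[] sha1(byte[] salt, char[] pw) throws GeneralSecurityException {
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        md.update(salt);
        return md.digest(new String(pw).getBytes(StandardCharsets.UTF_8));
    }

    // New scheme: PBKDF2 with HMAC-SHA-512, provided by the JDK (Java 8+).
    static byte[] pbkdf2(byte[] salt, char[] pw, int iterations) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(pw, salt, iterations, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();
        }
    }

    static byte[] newSalt() {
        byte[] salt = new byte[SALT_BYTES];
        RNG.nextBytes(salt);
        return salt;
    }

    static String b64(byte[] b) {
        return Base64.getEncoder().encodeToString(b);
    }

    static String hashLegacy(char[] pw) throws GeneralSecurityException {
        byte[] salt = newSalt();
        return LEGACY + "$" + b64(salt) + "$" + b64(sha1(salt, pw));
    }

    static String hashCurrent(char[] pw) throws GeneralSecurityException {
        byte[] salt = newSalt();
        return CURRENT + "$" + ITERATIONS + "$" + b64(salt) + "$" + b64(pbkdf2(salt, pw, ITERATIONS));
    }

    // Verifies with whichever scheme the stored value names; anything malformed fails closed.
    static boolean verify(String stored, char[] pw) throws GeneralSecurityException {
        String[] p = stored.split("\\$");
        try {
            if (p.length == 3 && LEGACY.equals(p[0])) {
                byte[] salt = Base64.getDecoder().decode(p[1]);
                return MessageDigest.isEqual(Base64.getDecoder().decode(p[2]), sha1(salt, pw));
            }
            if (p.length == 4 && CURRENT.equals(p[0])) {
                byte[] salt = Base64.getDecoder().decode(p[2]);
                byte[] actual = pbkdf2(salt, pw, Integer.parseInt(p[1]));
                return MessageDigest.isEqual(Base64.getDecoder().decode(p[3]), actual);
            }
        } catch (IllegalArgumentException e) {
            // bad Base64, or a non-numeric or non-positive iteration count
        }
        return false;
    }

    // True when the stored value is not the current scheme at the current cost.
    static boolean needsUpgrade(String stored) {
        String[] p = stored.split("\\$");
        try {
            return !(p.length == 4 && CURRENT.equals(p[0]) && Integer.parseInt(p[1]) >= ITERATIONS);
        } catch (NumberFormatException e) {
            return true;
        }
    }

    // Login check. Returns the value to persist (re-hashed if it was legacy), or null on a wrong password.
    static String login(String stored, char[] pw) throws GeneralSecurityException {
        if (!verify(stored, pw)) {
            return null;
        }
        return needsUpgrade(stored) ? hashCurrent(pw) : stored;
    }

    public static void main(String[] args) throws GeneralSecurityException {
        char[] pw = "correct horse battery".toCharArray(); // constructed sample password
        String legacyRow = hashLegacy(pw);                 // a row written before the switch
        String upgraded = login(legacyRow, pw);            // first login after the switch
        System.out.println("legacy   : " + legacyRow);
        System.out.println("upgraded : " + upgraded);
        System.out.println("wrong pw : " + login(legacyRow, "guess".toCharArray()));
        System.out.println("re-login : " + upgraded.equals(login(upgraded, pw)));
    }
}
```

Accounts that never log in again keep their legacy hash, so the legacy verifier has to stay in place until those rows are expired or reset.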

Re: Replace password encryption SHA-1 by SHA-512

Michael Brohl-3
I agree, Hans.

A new implementation should be optional and not simply replace the old.

Regards,

Michael

On 09.12.16 at 03:12, Hans Bakker wrote:

> What is the impact?
>
> if people have to re-enter the password then it is not acceptable.
>
> it should be backwards compatible.
>
> Regards,
> Hans

Re: Replace password encryption SHA-1 by SHA-512

taher
I think the best solution in here is to actually parameterize the
encryption algorithm with a default backwards compatible choice (SHA1).

However, I'm not sure that we do need that. SHA1 is okay I think, and it
has the most support out there in terms of libraries. Do we have any
history of people cracking passwords in OFBiz _because_ they are SHA1? I
mean for that to happen, I think not only does the password have to be
weak, but the attacker should have access to the database and be able to
retrieve the password hashes, which seems less likely to me.

On Fri, Dec 9, 2016 at 12:06 PM, Michael Brohl <[hidden email]>
wrote:

> I agree, Hans.
>
> A new implementation should be optional and not simply replace the old.
>
> Regards,
>
> Michael

Re: Replace password encryption SHA-1 by SHA-512

Pierre Smits
Assume the worst...

Best regards,

Pierre Smits

ORRTIZ.COM <http://www.orrtiz.com>
OFBiz based solutions & services

OFBiz Extensions Marketplace
http://oem.ofbizci.net/oci-2/

On Fri, Dec 9, 2016 at 10:17 AM, Taher Alkhateeb <[hidden email]> wrote:

> I think the best solution in here is to actually parameterize the
> encryption algorithm with a default backwards compatible choice (SHA1).
>
> However, I'm not sure that we do need that. SHA1 is okay I think, and it
> has the most support out there in terms of libraries. Do we have any
> history of people cracking passwords in OFBiz _because_ they are SHA1? I
> mean for that to happen, I think not only does the password have to be
> weak, but the attacker should have access to the database and be able to
> retrieve the password hashes, which seems less likely to me.

Re: Replace password encryption SHA-1 by SHA-512

Scott Gray-3
In reply to this post by taher
Maybe ask LinkedIn, Zappos, Evernote, Living Social or Adobe if it's
prudent to assume that no one will ever get hold of your password hashes.
One researcher was able to recover 80% (~140 million) of passwords from the
LinkedIn breach in a single day, they were using unsalted SHA1.

Regards
Scott

On 9 December 2016 at 02:17, Taher Alkhateeb <[hidden email]>
wrote:

> I think the best solution in here is to actually parameterize the
> encryption algorithm with a default backwards compatible choice (SHA1).
>
> However, I'm not sure that we do need that. SHA1 is okay I think, and it
> has the most support out there in terms of libraries. Do we have any
> history of people cracking passwords in OFBiz _because_ they are SHA1? I
> mean for that to happen, I think not only does the password have to be
> weak, but the attacker should have access to the database and be able to
> retrieve the password hashes, which seems less likely to me.

Re: Replace password encryption SHA-1 by SHA-512

taher
Ouch, didn't know that!

So then perhaps a parameterized approach is prudent while maintaining
backward compatibility. Might also give us the ability to add other
algorithms in the future.

On Dec 14, 2016 11:30 PM, "Scott Gray" <[hidden email]> wrote:

Maybe ask LinkedIn, Zappos, Evernote, Living Social or Adobe if it's
prudent to assume that no one will ever get hold of your password hashes.
One researcher was able to recover 80% (~140 million) of passwords from the
LinkedIn breach in a single day, they were using unsalted SHA1.

Regards
Scott


Re: Replace password encryption SHA-1 by SHA-512

Jacques Le Roux
Administrator
In reply to this post by Scott Gray-3
Thanks Scott

We are salting passwords* so we are a bit more secure. But yes, you are never too secure.

Adam explains here http://tinyurl.com/z8zrsoc in OFBIZ-1151 that salting OOTB seed data is another issue.

Note that in all cases the password would not change for users, only the hashes.
But yes the work done with OFBIZ-8537 does not include a tool for generating new hashes and we do not yet have a tool to generate salted hashes when releasing, as Adam suggested.

Now, is that really a big deal? I don't think so because I guess/hope nobody is fool enough to use OOTB passwords and hashes. Especially for the admin user, even the name admin should not be used.

Nevertheless I think we should OOTB use SHA-512 instead of SHA-1 for our hashes (with now 10 000 iterations thanks to r1773066) even if not hashed. This for the purpose of leading our users to the best solution.
We should also document it, eg by mentioning this thread and referring to https://cryptosense.com/parameter-choice-for-pbkdf2/ (to be maintained of course, this area will evolve...)

I'll create a OFBIZ-8537 subtask for that

Jacques

*(since 2012[1], thanks Adam! And talked about it since 2010[2])
[1] http://svn.apache.org/viewvc?view=revision&revision=1327741 http://markmail.org/message/ljalfchlgrfwdz7k
[2] http://markmail.org/message/ai3o3c5nyu4uvonp

On 14/12/2016 at 21:30, Scott Gray wrote:

> Maybe ask LinkedIn, Zappos, Evernote, Living Social or Adobe if it's
> prudent to assume that no one will ever get hold of your password hashes.
> One researcher was able to recover 80% (~140 million) of passwords from the
> LinkedIn breach in a single day, they were using unsalted SHA1.
>
> Regards
> Scott
>
> On 9 December 2016 at 02:17, Taher Alkhateeb <[hidden email]>
> wrote:
>
>> I think the best solution in here is to actually parameterize the
>> encryption algorithm with a default backwards compatible choice (SHA1).
>>
>> However, I'm not sure that we do need that. SHA1 is okay I think, and it
>> has the most support out there in terms of libraries. Do we have any
>> history of people cracking passwords in OFBiz _because_ they are SHA1? I
>> mean for that to happen, I think not only does the password have to be
>> weak, but the attacker should have access to the database and be able to
>> retrieve the password hashes, which seems less likely to me.
>>
>> On Fri, Dec 9, 2016 at 12:06 PM, Michael Brohl <[hidden email]>
>> wrote:
>>
>>> I agree, Hans.
>>>
>>> A new implementation should be optional and not simply replace the old.
>>>
>>> Regards,
>>>
>>> Michael
>>>
>>> Am 09.12.16 um 03:12 schrieb Hans Bakker:
>>>
>>> What is the impact?
>>>> if people have to re-enter the password then it is not acceptable.
>>>>
>>>> it should be backwards compatible.
>>>>
>>>> Regards,
>>>> Hans
>>>>
>>>> On 08/12/16 16:33, Michael Brohl wrote:
>>>>
>>>>> Jacques,
>>>>>
>>>>> I have no time to think about it more so I would prefer to create a
>>>>> Jira, provide a patch and wait a few days for people to review.
>>>>>
>>>>> I see no need to hurry with this issue.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Michael
>>>>>
>>>>>
>>>>> Am 08.12.16 um 10:01 schrieb Jacques Le Roux:
>>>>>
>>>>>> OK, nobody expressed a concern so I'll apply a lazy consensus and
>>>>>> implement "SHA-512 and increase PBKDF2_ITERATIONS to 10 000"
>>>>>>
>>>>>> Else please express your concern now before I create a Jira for that
>>>>>>
>>>>>> Thanks
>>>>>>
>>>>>> Jacques
>>>>>>
>>>>>>
>>>>>> Le 05/12/2016 à 16:38, Jacques Le Roux a écrit :
>>>>>>
>>>>>>> Thanks Jinghai, indeed Argon does not seems to be implemented in
>>>>>>> available JDKs, maybe later...
>>>>>>>
>>>>>>> Jacques
>>>>>>>
>>>>>>>
>>>>>>> Le 05/12/2016 à 15:48, Shi Jinghai a écrit :
>>>>>>>
>>>>>>>> Hi Jacques,
>>>>>>>>
>>>>>>>> Personally I'd prefer PBKDF2 rather than Argon, because the encrypt
>>>>>>>> of PBKDF2 is done by JDK, I don't know whether Argon has been
>>>>>>>> supported by JDK.
>>>>>>>>
>>>>>>>> Kind Regards,
>>>>>>>>
>>>>>>>> Shi Jinghai
>>>>>>>>
>>>>>>>> -----Original Message-----
>>>>>>>> From: Jacques Le Roux [mailto:[hidden email]]
>>>>>>>> Sent: December 5, 2016 22:24
>>>>>>>> To: [hidden email]
>>>>>>>> Cc: gregory draperi
>>>>>>>> Subject: Replace password encryption SHA-1 by SHA-512
>>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> At https://issues.apache.org/jira/browse/OFBIZ-8537 Junyuan has
>>>>>>>> contributed a new PBDKF2_SHA* one way encryption for password
>>>>>>>>
>>>>>>>> At http://svn.apache.org/viewvc?rev=1772589&view=rev Jinghai has
>>>>>>>> committed it, I made few remarks on this commit, one of this comment
>>>>>>>> was also discussed in the Jira by Pierre and Michael. It's about
>>>>>>>> using PBDKF2 OOTB.
>>>>>>>>
>>>>>>>> After reading https://cryptosense.com/parameter-choice-for-pbkdf2/ I
>>>>>>>> think we should replace our current SHA1 default implementation by
>>>>>>>> SHA-512 and increase PBKDF2_ITERATIONS to 10 000
>>>>>>>>
>>>>>>>> We should also provide new PBDKF2_SHA1 password data.
>>>>>>>>
>>>>>>>> As suggested by the article above, another step would be to use
>>>>>>>> Argon https://password-hashing.net/
>>>>>>>>
>>>>>>>> What do you think?
>>>>>>>>
>>>>>>>> Jacques


Re: Replace password encryption SHA-1 by SHA-512

Jacques Le Roux
Administrator
In reply to this post by taher
If we do OFBIZ-9150 then we will have a tool to create SHA-512 hashes from plain passwords.

This tool could then be used in production to re-seed passwords, and possibly fields, hashes.

We would then use SHA-512 encryption as default and have a property in security.properties to define the encryption used

If people prefer to keep less secure SHA1, that's their problem but it should not be the default for the community

For demo data I don't see any problems changing hashes to be SHA-512 hashed.

Jacques


On 14/12/2016 at 21:44, Taher Alkhateeb wrote:

> Ouch, didn't know that!
>
> So then perhaps a parameterized approach is prudent while maintaining
> backward compatibility. Might also give us the ability to add other
> algorithms in the future.
>
> On Dec 14, 2016 11:30 PM, "Scott Gray" <[hidden email]> wrote:
>
> Maybe ask LinkedIn, Zappos, Evernote, Living Social or Adobe if it's
> prudent to assume that no one will ever get hold of your password hashes.
> One researcher was able to recover 80% (~140 million) of passwords from the
> LinkedIn breach in a single day, they were using unsalted SHA1.
>
> Regards
> Scott
>
> On 9 December 2016 at 02:17, Taher Alkhateeb <[hidden email]>
> wrote:
>
>> I think the best solution in here is to actually parameterize the
>> encryption algorithm with a default backwards compatible choice (SHA1).
>>
>> However, I'm not sure that we do need that. SHA1 is okay I think, and it
>> has the most support out there in terms of libraries. Do we have any
>> history of people cracking passwords in OFBiz _because_ they are SHA1? I
>> mean for that to happen, I think not only does the password have to be
>> weak, but the attacker should have access to the database and be able to
>> retrieve the password hashes, which seems less likely to me.
>>

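One way to reconcile the two requests in this thread (a stronger default, and no forced password re-entry), as an added example that is not OFBiz code: each stored value carries an algorithm tag, legacy SHA-1 entries still verify, and a successful login re-hashes the password with the JDK's PBKDF2-HMAC-SHA512 at 10 000 iterations. The stored format `ALGO$iterations$saltB64$hashB64`, the `SHA1` tag, the single salted SHA-1 pass used as the legacy scheme, and all class and method names are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical helper, not OFBiz code. Assumed stored format: ALGO$iterations$saltB64$hashB64
public class PasswordUpgrade {
    static final String CURRENT = "PBKDF2WithHmacSHA512"; // JDK SecretKeyFactory algorithm name
    static final int ITERATIONS = 10_000;                  // value proposed in the thread

    static byte[] derive(String algo, char[] pw, byte[] salt, int iter) throws GeneralSecurityException {
        if (algo.equals("SHA1")) {                         // assumed legacy scheme: one salted SHA-1 pass
            MessageDigest md = MessageDigest.getInstance("SHA-1");
            md.update(salt);
            return md.digest(new String(pw).getBytes(StandardCharsets.UTF_8));
        }
        if (!algo.equals(CURRENT)) throw new GeneralSecurityException("unsupported tag: " + algo);
        return SecretKeyFactory.getInstance(CURRENT).generateSecret(new PBEKeySpec(pw, salt, iter, 512)).getEncoded();
    }

    static String hash(char[] pw) throws GeneralSecurityException {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        Base64.Encoder b64 = Base64.getEncoder();
        return CURRENT + "$" + ITERATIONS + "$" + b64.encodeToString(salt) + "$"
                + b64.encodeToString(derive(CURRENT, pw, salt, ITERATIONS));
    }

    // Returns null for a wrong password, else the value to store (re-hashed when outdated).
    static String verifyAndUpgrade(char[] pw, String stored) throws GeneralSecurityException {
        String[] p = stored.split("\\$");
        if (p.length != 4) throw new GeneralSecurityException("malformed stored hash");
        int iter = Integer.parseInt(p[1]);
        byte[] salt = Base64.getDecoder().decode(p[2]), want = Base64.getDecoder().decode(p[3]);
        if (!MessageDigest.isEqual(want, derive(p[0], pw, salt, iter))) return null; // constant-time
        return (!p[0].equals(CURRENT) || iter < ITERATIONS) ? hash(pw) : stored;
    }

    public static void main(String[] args) throws GeneralSecurityException {
        byte[] salt = "constructed-salt".getBytes(StandardCharsets.UTF_8); // constructed sample data
        char[] pw = "correct horse".toCharArray();
        String legacy = "SHA1$1$" + Base64.getEncoder().encodeToString(salt) + "$"
                + Base64.getEncoder().encodeToString(derive("SHA1", pw, salt, 1));
        String upgraded = verifyAndUpgrade(pw, legacy);
        System.out.println("legacy login re-hashed to: " + upgraded.split("\\$")[0]);
        System.out.println("wrong password result: " + verifyAndUpgrade("x".toCharArray(), legacy));
    }
}
```

Accounts that never log in again keep their old hash under this scheme, so a migration still needs a cut-off after which remaining legacy entries are reset.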

Re: Replace password encryption SHA-1 by SHA-512

Jacques Le Roux
Administrator
In reply to this post by Pierre Smits
I totally agree with Pierre, even if the risk is low, especially in the backend, which is usually on an intranet, though less and less now with smartphones, we
should not wait for a hacker to find a way.

Jacques


On 09/12/2016 at 10:20, Pierre Smits wrote:

> Assume the worst...
>
> Best regards,
>
> Pierre Smits
>
> ORRTIZ.COM<http://www.orrtiz.com>
> OFBiz based solutions & services
>
> OFBiz Extensions Marketplace
> http://oem.ofbizci.net/oci-2/
>


Re: Replace password encryption SHA-1 by SHA-512

Pierre Smits
Even though OFBiz is often protected through SSL it still uses an RDBMS
where the passwords are stored. If that is not set up properly, persons with
ill will can get access to the passwords of OFBiz users. And then it is
relatively easy to do the nasty.

Even though we can regard it an adopter's prerogative to allow weak password
encryption, it will reflect badly on this project when we don't do our
utmost to ensure that the evil doers are obstructed to the max, as it will
fuel the critics.

Best regards

Pierre Smits

ORRTIZ.COM <http://www.orrtiz.com>
OFBiz based solutions & services

OFBiz Extensions Marketplace
http://oem.ofbizci.net/oci-2/
