Re: [flask] Password security
- From: Wael Orabi
- Date: 2011-07-26 @ 04:11
How slow is bcrypt?
Would it still be suitable to use on, say, a login without the user feeling
any significant difference?
--w
On Mon, Jul 25, 2011 at 10:19 PM, Joe Esposito <espo58@gmail.com> wrote:
> Thanks, that does help. If SHA1 is no good, would it be in everyone's
> interest to have Werkzeug use bcrypt as its default instead?
>
> Also, does bcrypt (or scrypt) have a max digest length?
> I was trying to figure out what size the DB column should be earlier. (SHA1
> is 160 bits <http://en.wikipedia.org/wiki/SHA-1#The_SHA-1_hash_function>,
> for example.)
>
> Password security seems so easy to get wrong <http://en.wikipedia.org/wiki/There_are_known_knowns>.
>
> On Mon, Jul 25, 2011 at 12:25 AM, Craig Younkins <cyounkins@gmail.com>wrote:
>
>> Accreditation: I've done computer security for a few years, first for
>> Tenable <http://www.tenable.com/solutions>, then OWASP <http://owasp.org>,
>> now for Google.
>>
>> werkzeug.security uses SHA1 by default. This is not recommended because
>> SHA1 was designed to be fast.
>>
>> bcrypt *is* the way to go. It's designed to be slow, which is super
>> important for protecting against brute force attacks. It also has salting
>> built in. But as with any crypto system, the implementation can be tricky.
>> The flask extension you linked to is just a wrapper; it uses
>> an underlying bcrypt module. bcrypt is not in the standard library, but
>> there is py-bcrypt. py-bcrypt has not been vetted by
>> security professionals AFAIK. For that reason I'm a bit wary of using it, but
>> it is most likely completely safe. It says the crypto code is from BSD's
>> libc.
>>
>> The only thing possibly better right now is scrypt, which also has a
>> tunable memory requirement. scrypt has not been examined as carefully by
>> experts, so I'm not sure I would recommend it.
>>
>> That probably doesn't completely answer your question, but I hope it
>> helps.
>>
>> Craig Younkins
>>
>>
>>
>> On Sun, Jul 24, 2011 at 8:20 PM, Joe Esposito <espo58@gmail.com> wrote:
>>
>>> After reading this Stack Overflow question <http://stackoverflow.com/questions/2235158/php-sha1-vs-md5-vs-sha256-which-to-use-for-a-php-login>,
>>> I'm curious. What do others here use for password security?
>>>
>>> The answer to the SO question is bcrypt and there's a Flask extension <https://github.com/maxcountryman/flask-bcrypt> that
>>> is similar to the Salted Passwords snippet <http://flask.pocoo.org/snippets/54/>.
>>>
>>> Recommendations?
>>>
>>>
>>
>
Re: [flask] Password security
- From: Simon Sapin
- Date: 2011-07-26 @ 06:12
On 26/07/2011 06:11, Wael Orabi wrote:
> how slow is bcrypt?
> would it still be suitable to use on, say, a login without the user
> feeling any significant difference?
Hi,
I never used bcrypt myself but from what I read, the point is that you
can choose how slow it is. You can adjust it so that it is just fast
enough for users not to notice, and change that parameter over time as
computers become more powerful.
Regards,
--
Simon Sapin
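The three points made above (Craig's: a deliberately slow, salted hash rather than plain SHA1; Simon's: a work factor you pick so users don't notice and raise over time; Joe's: a fixed-width stored value so the DB column can be sized) fit in one small password store. The code below is an added example, not code from the thread or from Werkzeug/flask-bcrypt. Since bcrypt is not in the Python standard library, it uses `hashlib.pbkdf2_hmac` as a stand-in: a different algorithm, but one that shares the property under discussion (a tunable iteration count). The `$pbkdf2-sha256$iterations$salt$hash` storage format, the function names and the constructed sample values are this example's own assumptions.

```python
import base64
import hashlib
import hmac
import os
import time

# Assumed storage format: "$pbkdf2-sha256$<iterations>$<salt_b64>$<hash_b64>".
# Storing the iteration count with the hash is what lets the cost be raised
# later without invalidating existing accounts.
SCHEME = "pbkdf2-sha256"
SALT_BYTES = 16   # random, per password: the "salting built in" point
DK_LEN = 32       # derived key length in bytes


def _b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.b64decode(text.encode("ascii"))


def hash_password(password: str, iterations: int) -> str:
    """Hash with a fresh random salt and the given work factor."""
    salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                             iterations, DK_LEN)
    return "$".join(["", SCHEME, str(iterations), _b64(salt), _b64(dk)])


def parse_stored(stored: str):
    """Split a stored value into (iterations, salt, derived_key)."""
    _, scheme, iters, salt, dk = stored.split("$")
    if scheme != SCHEME:
        raise ValueError("unknown password hash scheme: %r" % scheme)
    return int(iters), _unb64(salt), _unb64(dk)


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and cost; compare in constant time."""
    iterations, salt, expected = parse_stored(stored)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                    iterations, len(expected))
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored: str, current_iterations: int) -> bool:
    """True when the stored hash was made with a lower cost than we now want."""
    iterations, _, _ = parse_stored(stored)
    return iterations < current_iterations


def login(password: str, stored: str, current_iterations: int):
    """Return (ok, new_stored). new_stored is set when the hash should be
    replaced: a successful login is the one moment the plaintext is available
    to upgrade the cost, which is how the parameter gets raised over time."""
    if not verify_password(password, stored):
        return False, None
    if needs_rehash(stored, current_iterations):
        return True, hash_password(password, current_iterations)
    return True, None


def calibrate_iterations(target_seconds: float, start: int = 1000) -> int:
    """Double the iteration count until one hash takes at least target_seconds
    on this machine. Re-run this when deploying on faster hardware."""
    iterations = start
    while True:
        t0 = time.perf_counter()
        hashlib.pbkdf2_hmac("sha256", b"calibration", b"\x00" * SALT_BYTES,
                            iterations, DK_LEN)
        if time.perf_counter() - t0 >= target_seconds:
            return iterations
        iterations *= 2


def stored_length(iterations: int) -> int:
    """Width the DB column needs for a given cost (only the digit count of
    the iteration field varies; salt and hash encode to fixed widths)."""
    return len(hash_password("x", iterations))


if __name__ == "__main__":
    cost = calibrate_iterations(0.05)        # constructed target: ~50 ms per hash
    stored = hash_password("correct horse battery staple", cost)
    print("cost", cost, "column width", stored_length(cost))
    print("login ok:", login("correct horse battery staple", stored, cost)[0])
```

`calibrate_iterations` answers "how slow is bcrypt?" for any such algorithm: you decide the per-login delay and let the loop find the cost that produces it. The `login` helper shows the upgrade path: when the stored cost is below the current setting, a correct password is rehashed at the new cost and the caller writes the new value back.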
Re: [flask] Password security
- From: Amirouche Boubekki
- Date: 2011-07-26 @ 19:32
We use bcrypt now on the new liberation.fr platform.
2011/7/26 Simon Sapin <simon.sapin@exyr.org>
> On 26/07/2011 06:11, Wael Orabi wrote:
> > how slow is bcrypt?
> > would it still be suitable to use on, say, a login without the user
> > feeling any significant difference?
>
> Hi,
>
> I never used bcrypt myself but from what I read, the point is that you
> can choose how slow it is. You can adjust it so that it is just fast
> enough for users not to notice, and change that parameter over time as
> computers become more powerful.
>
> Regards,
> --
> Simon Sapin
>
Re: [flask] Password security
- From: Max Countryman
- Date: 2011-07-27 @ 10:22
Amirouche,
I assume that's a Flask application? How have you implemented bcrypt? Are
you using py-bcrypt or another Python wrapper or something else
altogether?
Regards,
Max
On Jul 26, 2011, at 3:32 PM, Amirouche Boubekki wrote:
> We use bcrypt now on the new liberation.fr platform.
>
> 2011/7/26 Simon Sapin <simon.sapin@exyr.org>
> On 26/07/2011 06:11, Wael Orabi wrote:
> > how slow is bcrypt?
> > would it still be suitable to use on, say, a login without the user
> > feeling any significant difference?
>
> Hi,
>
> I never used bcrypt myself but from what I read, the point is that you
> can choose how slow it is. You can adjust it so that it is just fast
> enough for users not to notice, and change that parameter over time as
> computers become more powerful.
>
> Regards,
> --
> Simon Sapin
>
Re: [flask] Password security
- From: Joe Esposito
- Date: 2011-08-02 @ 16:10
I'd also be very interested in knowing what your Flask app uses. Bcrypt with
py-bcrypt? Or something else?
On Wed, Jul 27, 2011 at 6:22 AM, Max Countryman <maxc@me.com> wrote:
> Amirouche,
>
> I assume that's a Flask application? How have you implemented bcrypt? Are
> you using py-bcrypt or another Python wrapper or something else altogether?
>
>
> Regards,
>
> Max
>
> On Jul 26, 2011, at 3:32 PM, Amirouche Boubekki wrote:
>
> We use bcrypt now on the new liberation.fr platform.
>
> 2011/7/26 Simon Sapin <simon.sapin@exyr.org>
>
>> On 26/07/2011 06:11, Wael Orabi wrote:
>> > how slow is bcrypt?
>> > would it still be suitable to use on, say, a login without the user
>> > feeling any significant difference?
>>
>> Hi,
>>
>> I never used bcrypt myself but from what I read, the point is that you
>> can choose how slow it is. You can adjust it so that it is just fast
>> enough for users not to notice, and change that parameter over time as
>> computers become more powerful.
>>
>> Regards,
>> --
>> Simon Sapin
>>
>
>
>
Re: [flask] Password security
- From: Wael Orabi
- Date: 2011-07-26 @ 06:30
Thanks, that makes sense.
--w
On Tue, Jul 26, 2011 at 9:12 AM, Simon Sapin <simon.sapin@exyr.org> wrote:
> On 26/07/2011 06:11, Wael Orabi wrote:
> > how slow is bcrypt?
> > would it still be suitable to use on, say, a login without the user
> > feeling any significant difference?
>
> Hi,
>
> I never used bcrypt myself but from what I read, the point is that you
> can choose how slow it is. You can adjust it so that it is just fast
> enough for users not to notice, and change that parameter over time as
> computers become more powerful.
>
> Regards,
> --
> Simon Sapin
>