Opened 10 years ago

Closed 14 months ago

#10813 closed enhancement (invalid)

[with patch] Secure password hashing in Sage notebook

Reported by: jjh Owned by: jason, mpatel, was
Priority: minor Milestone: sage-duplicate/invalid/wontfix
Component: notebook Keywords:
Cc: kcrisman, jhpalmieri Merged in:
Authors: Jonathan Hunt Reviewers:
Report Upstream: N/A Work issues:
Branch: Commit:
Dependencies: Stopgaps:

Status badges


I recently noticed that when creating passwords for the Sage notebook they are hashed using the Unix crypt function and with a constant salt (hardcoded). This is unsecure for several reasons. Many implementations of crypt use partially-broken hash functions (such as md5) and the use of a constant salt accentuates this problem because it means that the salt is the same for every password. Exploits on these flawed hash functions are becoming increasingly practical.

It may be argued that Sage notebook is not designed to be ultra-secure. However, many people re-use passwords and so they may be exposing their password details for more important systems. It seems ironic that a maths package with a focus of number theory should use poor-quality cryptography functions.

The patch below modifies the Sage notebook to use a standard of password generation known as PBKDF2. I used a freely-available python implementation and modified it in two ways. Firstly, I modified the password hashing to use SHA512 rather than SHA1 since if we're going to be secure we may as well be as secure as possible. Additionally, I modified the library so that if passed a salt it doesn't recognise it falls back to the Unix crypt library. This means it can be used as a drop-in replacement for crypt and old passwords will continue to work. When users update their passwords (or new users are created) they will now be stored significantly more safely with an independent random hash for each password.

This patch adds one new python file and makes a few modifications to to use the new hashing functions. Additionally, some doctests in dependended on the implementation of the hash function so I modified them. No new external dependencies are created (everything is pure python libraries).

An additional advantage is that the password hashes are now system independent, so that if someone wanted to transfer the list of users between machines the password hashes will continue to work even if the system crypt function is changed (as some Linux distribution have done).

I am not a crytography expert so if someone wiser wanted to take a look over the code that wouldn't hurt at all (I am reasonably confident that, at a minimum, this patch is no less secure than the crypt function with constant salt).

Attachments (1)

secure-password-hashing.patch (19.3 KB) - added by jjh 10 years ago.

Download all attachments as: .zip

Change History (5)

Changed 10 years ago by jjh

comment:1 Changed 10 years ago by jjh

  • Summary changed from Secure password hashing in Sage notebook to [with patch] Secure password hashing in Sage notebook

comment:2 Changed 14 months ago by chapoton

  • Cc kcrisman jhpalmieri added
  • Milestone set to sage-duplicate/invalid/wontfix
  • Status changed from new to needs_review

ancient ticket about deprecated sagenb, can we close ?

comment:3 Changed 14 months ago by kcrisman

  • Status changed from needs_review to positive_review

comment:4 Changed 14 months ago by chapoton

  • Resolution set to invalid
  • Status changed from positive_review to closed


Note: See TracTickets for help on using tickets.