Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Journalist passphrases should be hashed with Argon2id instead of Argon2i #6655

Closed
legoktm opened this issue Oct 19, 2022 · 5 comments · Fixed by #6657
Closed

Journalist passphrases should be hashed with Argon2id instead of Argon2i #6655

legoktm opened this issue Oct 19, 2022 · 5 comments · Fixed by #6657
Assignees
@legoktm
Labels
security
Milestone
SecureDrop 2.6.0

Comments

@legoktm
Copy link
Member

legoktm commented Oct 19, 2022

Originally filed as https://github.com/freedomofpress/securedrop-security/issues/86

We currently use Argon2i to encrypt journalist passphrases:

sqlite> select passphrase_hash from journalists;
$argon2i$v=19$m=65536,t=4,p=2$otS6V+rd29u79z6nFAJAaA$fWn/7La/sHiQAM7YPOLo5Q
$argon2i$v=19$m=65536,t=4,p=2$VAoBIMSY8957T6lVCsFYKw$Z8vGfVR/P87pNqmn0oz/yg
$argon2i$v=19$m=65536,t=4,p=2$Quj9H4PwntPau5fSOgdgjA$qzvLuOzgN86ITlpdepFiJQ

However, Argon2id is what's recommended these days, this SO answer goes into depth and summarizes with:

In short: use Argon2id if you can, use Argon2d in almost every other case, consider Argon2i if you really do need memory side-channel attack resistance.

Part of the issue here is that we fell behind on upgrading passlib. The latest version of it uses Argon2id by default (our argon2-cffi version already defaults to id).
@legoktm legoktm added this to the 2.6.0 milestone Oct 19, 2022
@legoktm legoktm self-assigned this Oct 19, 2022
@legoktm
Copy link
Member Author

legoktm commented Oct 19, 2022

@lsd-cat wrote:

The is definitely low priority, as our passphrase scheme is safe enough anyway, however of course we better keep updated with the latest standard. Did we do any hash migration in the past? If not how do we want to handle that?

@legoktm
Copy link
Member Author

legoktm commented Oct 19, 2022

@legoktm wrote:

The last password migration we did added a new column and did the rehashing whenever the user logged in (freedomofpress/securedrop#3506)

I think can do roughly the same thing by just looking at the hash prefix, I wrote some pseudo-code at freedomofpress/securedrop#6631 (public ticket for dropping the passlib dependency). I think it makes sense to tackle both tickets at the same time.

Given that this is low priority, is it OK to disclose and patch publicly? Or keep it private until close-to-release time? (not 2.5.0 to be clear)

@legoktm
Copy link
Member Author

legoktm commented Oct 19, 2022

@lsd-cat wrote:

I will double check the migration code this week, ok from me to go publicly with it :)

@legoktm
Copy link
Member Author

legoktm commented Oct 19, 2022

@lsd-cat wrote:

+1 in dropping passlib given our use case!

@legoktm
Copy link
Member Author

legoktm commented Oct 19, 2022

@L3th3 wrote:

Also +1 for moving towards argon2id and argon2-cffi. The passlib issues section made me cry 😭

@legoktm legoktm mentioned this issue Oct 19, 2022
Closed
@legoktm legoktm mentioned this issue Oct 19, 2022
Merged
7 tasks
@eaon eaon closed this as completed in ff82e93 Oct 19, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@legoktm legoktm

Labels
security
Projects
None yet
Milestone
SecureDrop 2.6.0
Development

Successfully merging a pull request may close this issue.

Drop passlib, switch to argon2id hashes freedomofpress/securedrop
1 participant
@legoktm