https://issues.apache.org/bugzilla/show_bug.cgi?id=53785
Priority: P2 Bug ID: 53785 Assignee: dev@tomcat.apache.org Summary: Modern password hashing for built-in Realms Severity: enhancement Classification: Unclassified OS: All Reporter: da...@leppik.net Hardware: All Status: NEW Version: unspecified Component: Catalina Product: Tomcat 6 Password-based authentication for the built-in realms can currently use three digestion algorithms from the java.security.MessageDigest class (SHA, MD2, or MD5). All of these are out of date*, and each Realm implementation does its own comparison of the password to the saved digest. [*It's not clear whether Java's SHA is SHA-1 or one of the SHA-2 algorithms. SHA-1 is obsolete; SHA-2, potentially less so.] I recently created my own custom Realm in order to support bcrypt. While I do not claim that bcrypt is the right algorithm for everyone, it is a much better default than the current built-in options-- so Tomcat should offer it. However, rather than being a general purpose hash function, bcrypt a one-way hash designed for passwords. The salt is built into the hash in such a way that it can't be extracted. That is to say, you can't say: if ( bcrypt.hash(password1) == bcrypt.hash(password2) ) log("Passwords match"); because every time you hash a password, you get a different result. This is a security feature, since novices won't mismanage the salt. Instead, you call: String hash = BCrypt.hashpw("hello"); // To hash, not to check if (BCrypt.checkpw(passwordFromLoginForm, savedPasswordHash)) log("Passwords match"); This example uses the JBCrypt implementation at http://www.mindrot.org/projects/jBCrypt/ Like I said, I don't think BCrypt is the right solution for every user. See http://www.unlimitednovelty.com/2012/03/dont-use-bcrypt.html and http://security.stackexchange.com/questions/4781/do-any-security-experts-recommend-bcrypt-for-password-storage Also note that NIST will recommend a new secure hashing algorithm soon ( http://csrc.nist.gov/groups/ST/hash/timeline.html ) although that will be a general purpose cryptographic hash function, not an out-of-the-box password hash format like bcrypt. Instead, I propose that we make three (or four) changes: 1. Update all applicable subclasses of RealmBase to call a new method, RealmBase.checkDigest(String credentials, String savedHash), instead of each implementation doing a string comparison against the realms. 2. Implement RealmBase.checkDigest with the following rules: a. If digest == null, implement the current string comparison. b. If digest is "SHA", "MD2", or "MD5", compare with the current algorithm. c. If digest is the name of a Java class, try calling checkPassword(credentials, savedHash) on the class, both as a static method and on an instance created with no constructor arguments. 3. (Depending on legal issues) Bundle Tomcat with JBCrypt, thus providing a secure hash out of the box. 4. Write unit tests and documentation and update Tomcat 7+ with the new code. Of course, we could jump ahead and implement this in Tomcat 8, since this is a public API change. I will check with my boss to see if I can take the time to implement this. Of course, I'd prefer to get feedback before I go ahead with it. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org