consider bcrypt or yescrypt for password hashing after bullseye upgrade
in #30608 (closed) we were forced to downgrade to SHA for hashing our (mail) passwords. that's really too bad, and it's basically only because crypt(3) doesn't support bcrypt or better (yescrypt!) in Debian buster.
once we're upgraded (basically everywhere, but we could do it only on the submission server for starters), implement the logic to build bcrypt-specific (or yescrypt?) in userdir-ldap-cgi. the caller is in update.cgi (grep for Salt) and the definition is in Util.pm. we should probably create a new function for more complex salts like bcrypt and yescrypt because the actual "settings" (what comes after $y$) are not exactly similar to those for md5/sha (e.g. salts are separated from the hashed password with $ in SHA, not so in bcrypt, from what i understand).
in any case, this needs experimentation. this is the code i had for bcrypt:
use Digest;
use Data::Entropy::Algorithms qw(rand_bits);
my $bcrypt = Digest->new('Bcrypt', cost=>12, salt=>rand_bits(16*8));
my $hashed_password = crypt($password, $bcrypt->settings());
note that I don't actually trust rand_bits anymore, after reading the Data::Entropy::Algorithms documentation. turns out it relies on Data::Entropy and that says:
If nothing is done to set a source then it defaults to the use of Rijndael (AES) in counter mode (see Data::Entropy::RawSource::CryptCounter and Crypt::Rijndael), keyed using Perl's built-in rand function. This gives a data stream that looks like concentrated entropy, but really only has at most the entropy of the rand seed. Within a single run it is cryptographically difficult to detect the correlation between parts of the pseudo-entropy stream. If more true entropy is required then it is necessary to configure a different entropy source.
And then rand() says:
rand is not cryptographically secure. You should not rely on it in security-sensitive situations. As of this writing, a number of third-party CPAN modules offer random number generators intended by their authors to be cryptographically secure, including: Data::Entropy, Crypt::Random, Math::Random::Secure, and Math::TrulyRandom.
and now we have inception. brilliant.
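Added example, not part of the original ticket and not userdir-ldap-cgi code: one way to build a bcrypt settings string for crypt(3) with the salt read from /dev/urandom, so nothing depends on rand(), and to split the resulting hashes to show the SHA-crypt and bcrypt layouts side by side. The function names, the `$2b$` prefix and the test password are assumptions made for this sketch; the cost of 12 is taken from the snippet above.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# bcrypt's base64 alphabet ("./A-Za-z0-9"); it differs from the MIME alphabet.
my @B64 = ('.', '/', 'A'..'Z', 'a'..'z', '0'..'9');

# Read $n bytes from the kernel CSPRNG, so nothing depends on Perl's rand().
sub urandom_bytes {
    my ($n) = @_;
    open(my $fh, '<:raw', '/dev/urandom') or die "open /dev/urandom: $!";
    my $got = read($fh, my $buf, $n);
    close($fh);
    die "short read from /dev/urandom" unless defined $got && $got == $n;
    return $buf;
}

# Encode bytes 6 bits at a time, most significant bit first, without padding.
sub bcrypt_b64 {
    my ($bytes) = @_;
    my $bits = unpack('B*', $bytes);
    $bits .= '0' x ((6 - length($bits) % 6) % 6);
    return join '', map { $B64[oct("0b$_")] } $bits =~ /(.{6})/g;
}

# bcrypt settings for crypt(3): "$2b$", two-digit cost, "$", 22-char salt.
sub bcrypt_settings {
    my ($cost) = @_;
    die "cost must be 4..31" if $cost < 4 || $cost > 31;
    return sprintf('$2b$%02d$%s', $cost, bcrypt_b64(urandom_bytes(16)));
}

# Split a crypt(3) hash into (settings, digest) for the two layouts.
sub split_hash {
    my ($hash) = @_;
    # bcrypt: 22-char salt and 31-char digest run together, no "$" between.
    return ($1, $2) if $hash =~ m{^(\$2[abxy]\$\d\d\$[./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$};
    # SHA-crypt: a "$" separates the salt from the digest.
    return ($1, $2) if $hash =~ m{^(\$[56]\$(?:rounds=\d+\$)?[./A-Za-z0-9]{1,16})\$([./A-Za-z0-9]+)$};
    return;
}

# Constructed password; 12 random bytes encode to a 16-char SHA-512 salt.
for my $settings (bcrypt_settings(12), '$6$' . bcrypt_b64(urandom_bytes(12))) {
    my $hash = crypt('constructed-test-password', $settings);
    my ($s, $d) = defined $hash ? split_hash($hash) : ();
    if (defined $s) { print "settings=$s\ndigest=$d\n" }
    else            { print "crypt(3) here rejected $settings\n" }
}
```

On a host whose crypt(3) lacks bcrypt, the first iteration prints the "rejected" line instead of a hash, which doubles as a quick check of whether a given machine is ready for the switch.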