Tryton - Issues

 

Issue7780

Title Allow to HMAC password hash
Priority feature Status chatting
Superseder Nosy List ced
Type feature request Components trytond
Assigned To Keywords
Reviews

Created on 2018-10-10.13:27:13 by ced, last changed by ced.

Messages
msg44385 (view) Author: [hidden] (ced) (Tryton committer) (Tryton translator) Date: 2018-10-10.13:30:38
This HMAC should also be applied on the session.
And for performance reason, we should keep a cache of valid signature to avoid reading the secret key on the filesystem on each request.

Also we could make this feature a generic tool to sign any value in the database.
msg44384 (view) Author: [hidden] (ced) (Tryton committer) (Tryton translator) Date: 2018-10-10.13:27:12
I followed this talk: https://talks.m4dz.net/crypto-pour-les-devs/#32
And the speaker advise to HMAC the password hash with a secret key to ensure that in case of SQL injection, replacing the hash and salt does not work.
The difficulty is to store the HMAC key in a secure way. The best is to use dedicated hardware but indeed by storing it just on the filesystem, it is already quiet effective. So I propose to have by default a way to HMAC using a secret on the filesystem and use the standard hmac module but the API must be generic enough to allow to use product like YubiHSM2 [1].

[1] https://developers.yubico.com/YubiHSM2/
History
Date User Action Args
2018-10-10 13:30:38cedsetstatus: unread -> chatting
messages: + msg44385
2018-10-10 13:27:13cedcreate

Showing 10 items. Show all history (warning: this could be VERY long)