diff options
author | Yorhel <git@yorhel.nl> | 2014-10-15 14:20:56 +0200 |
---|---|---|
committer | Yorhel <git@yorhel.nl> | 2014-10-15 14:20:56 +0200 |
commit | 6e0a0e1d00e11da9b4eab2163e19314f752b05b5 (patch) | |
tree | a65e4b62d81d395c9988f7045b4e83deec8b2485 /util/sql | |
parent | 13e967810a8b336164d22167bb047ad1dbb5a836 (diff) |
Use scrypt for new password hashes
I increased the N parameter to approximate about 500ms to generate the
hash. This is quite a paranoid setting for a website, but login attempts
are throttled so there's not much of a DoS factor. (Alright, password
changing feature isn't throttled so the DoS factor still exists. But
really, there's some pages with longer page generation times anyway.)
I did lower the size of the salt a bit (Crypt::ScryptKDF uses 256 bits
by default), because 64 bits of randomness should have low enough chance
of collision with only ~100k users (even with a million users,
seriously).
Diffstat (limited to 'util/sql')
-rw-r--r-- | util/sql/schema.sql | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/util/sql/schema.sql b/util/sql/schema.sql index 09b334f9..32561dc9 100644 --- a/util/sql/schema.sql +++ b/util/sql/schema.sql @@ -368,9 +368,15 @@ CREATE TABLE users ( -- First 9 bytes: salt (ASCII) -- Latter 20 bytes: sha1(hex(token) + salt) -- 'token' is a sha1 digest obtained from random data. - -- * 41 bytes: Hashed/salted password + -- * 41 bytes: sha256 password -- First 9 bytes: salt (ASCII) -- Latter 32 bytes: sha256(global_salt + password + salt) + -- * 46 bytes: scrypt password + -- 4 bytes: N (big endian) + -- 1 byte: r + -- 1 byte: p + -- 8 bytes: salt + -- 32 bytes: scrypt(passwd, global_salt + salt, N, r, p, 32) -- * Anything else: Invalid, account disabled. passwd bytea NOT NULL DEFAULT '', registered timestamptz NOT NULL DEFAULT NOW(), |