Opened 19 months ago

Last modified 2 months ago

#27468 assigned Cleanup/optimization

Move utils.crypto.salted_hmac() from SHA1 toward SHA256

Reported by: Tim Graham
Owned by: Srinivas Reddy Thatiparthy
Component: Utilities
Version: master
Severity: Normal
Keywords:
Cc:
Triage Stage: Accepted
Has patch: yes
Needs documentation: no
Needs tests: yes
Patch needs improvement: yes
Easy pickings: no
UI/UX: no

Description

The salted_hmac() function uses SHA-1 in two places, for key derivation and as the hash function of the HMAC algorithm. HMAC-SHA1 is still considered secure, but it would be nice to move toward SHA256. Some work is needed to ensure backward compatibility (like we've done with password storage).

Ramifications:

  • Changing the algorithm will make all the old HMACs invalid. This means that when users upgrade, old sessions, signed cookies, and session authentication hashes will be rejected as invalid and replaced (hence the need for a backwards-compatibility layer of some sort).
  • SHA-256 is slower than SHA-1, though hopefully no Django servers are bottlenecked on hashing speed.

Thanks Predrag Gruevski (obi1kenobi on GitHub) for the report.
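
An added example, not Django's code and not the code in the linked PR: one shape the backwards-compatibility layer described above could take, signing with SHA-256 while still accepting SHA-1 HMACs and flagging them for re-signing. The `algorithm` parameter, the `verify()` helper, the `PREFERRED`/`LEGACY` names and the sample secret are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample secret; a real deployment would use its SECRET_KEY.
SECRET = b"constructed-secret-for-illustration"
PREFERRED = "sha256"   # used for every new signature
LEGACY = ("sha1",)     # accepted for verification only


def salted_hmac(key_salt, value, secret=SECRET, algorithm=PREFERRED):
    """Derive a per-purpose key, then HMAC `value` with it.

    `algorithm` is a hypothetical parameter. The same hash is used in both
    places the ticket mentions: key derivation (hash of salt + secret) and
    the HMAC itself.
    """
    hasher = getattr(hashlib, algorithm)
    key = hasher(key_salt.encode() + secret).digest()
    return hmac.new(key, msg=value.encode(), digestmod=hasher)


def verify(key_salt, value, signature, secret=SECRET):
    """Return (valid, needs_resign) for a hex signature.

    The preferred algorithm is tried first. A match on a legacy algorithm
    is still valid, but the caller should re-issue the value signed with
    PREFERRED so that LEGACY can eventually be emptied.
    """
    for algorithm in (PREFERRED, *LEGACY):
        expected = salted_hmac(key_salt, value, secret, algorithm).hexdigest()
        # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
        if hmac.compare_digest(expected.encode(), signature.encode()):
            return True, algorithm != PREFERRED
    return False, False


if __name__ == "__main__":
    old = salted_hmac("session", "user=42", algorithm="sha1").hexdigest()
    new = salted_hmac("session", "user=42").hexdigest()
    print(verify("session", "user=42", old))  # legacy signature
    print(verify("session", "user=42", new))  # current signature
```
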

Change History (5)

comment:1 Changed 17 months ago by R Sriranganathan

Owner: changed from nobody to R Sriranganathan
Status: new → assigned

comment:2 Changed 10 months ago by Srinivas Reddy Thatiparthy

Owner: changed from R Sriranganathan to Srinivas Reddy Thatiparthy

comment:3 Changed 10 months ago by Srinivas Reddy Thatiparthy

A WIP PR has been raised here - https://github.com/django/django/pull/8773

comment:4 Changed 2 months ago by Asif Saifuddin Auvi

Has patch: set

comment:5 Changed 2 months ago by Carlton Gibson

Needs tests: set
Patch needs improvement: set

There are a number of review comments (from multiple reviewers) on the PR that need to be addressed in order to move this patch forwards.
