I would suggest that's the kind of thing which is unlikely to get merged, mainly for security reasons as someone could potentially configure it more wrong than other things. It's also only useful or relevant for nonstandard large deployments such as yourselves.
That said, sounds an interesting solution and would make a good library. However I'm not knowledgeable enough to say if it is a good idea from a security perspective.
Marc
--
You received this message because you are subscribed to the Google Groups "Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-develop...@googlegroups.com.
To post to this group, send email to django-d...@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/5f384586-2183-46b7-a6a2-9ffd14caa3b0%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
On 19 Nov 2013, at 6:10 PM, Javier Guerra Giraldez wrote:
> but still you get only SHA1-level strength, when the whole idea was to
> switch to stronger crypto. if in your case SHA1 is enough, you can
> simply keep using it. if it's not enough, then you shouldn't be using
> it.
Well, it seems to me it's still an improvement over plain SHA1 password storage. If the attacker only has access to on-disk data (or backups, etc.), then you have BCrypt-level strength. If the attacker has access to memcached, then you only have SHA1-level strength, as you say.
I don't know what bitbucket's access pattern looks like, but how much less effective would this mixin be if you didn't use memcached (and just had an in-process, unshared password cache / memoized BCrypt)? If an attacker gains access to *that* cache, then they presumably also have access to the plaintext passwords coming from the users, so you haven't lost anything.
Another idea would be to store PBKDF2-with-lower-work-factor(salt+user+password) entries in the cache instead of using SHA1(...). This would let you tune the amount of security you're giving up vs. performance.