[2.1.0] Password encoding and play.api.libs.Crypto
352 views
Skip to first unread message
Alexandre Bertails
Feb 14, 2013, 12:06:30 PM2/14/13
to play-fr...@googlegroups.com
Hi there,
I'm wondering about the state of the Play2.1's Crypto API. I can't
find anything in the documentation so I'm looking at the source [1].
I'm wondering if the lack of documentation means that there is a plan
to deprecate (or just change) the API (or part of it) at some point.
Question: how stable is this API?
Also, I'm not an expert in crypto and security, so I'm wondering if
this is implementing what we think is now the state of the art for
storing encoded password. The intended usage may be different (Crypto
is used in the Http.scala). For example, I've found an old thread [2]
on this mailing list stating that "Crypto.passwordHash() is not secure
for hashing passwords", although I can't find passwordHash any longer.
Some people then advised (and proposed some code) that involves using
jBCrypt [3]. I've found similar concerns on the Web and Blowfish would
often be cited. Question: what is the Play Team's advice on these
concerns?
Last remark, I see two sets of functions in the Crypto API, one
involving HmacSHA1 and one with AES. The CryptoSpec [4] only
demonstrates the use of AES. I think I understand that I should use
Crypto.sign* and then the AES encrypt/decrypt functions to store user
passwords, but I'd like to know the rationale. Also, if this is the
case, maybe it would be good to add in the API a couple of dual
functions that would be specific to passwords and checking if they are
equal. That would dissipate many questions about how to use the Crypto
API. Question: where are these functions meant to be used?
Alexandre.
[1] https://github.com/playframework/Play20/blob/master/framework/src/play/src/main/scala/play/api/libs/Crypto.scala
[2] https://groups.google.com/forum/#!topic/play-framework/9KIUwWBjudQ/discussion
[3] http://www.mindrot.org/projects/jBCrypt/
[4] https://github.com/playframework/Play20/blob/master/framework/src/play/src/test/scala/play/api/libs/CryptoSpec.scala
I'm wondering about the state of the Play2.1's Crypto API. I can't
find anything in the documentation so I'm looking at the source [1].
I'm wondering if the lack of documentation means that there is a plan
to deprecate (or just change) the API (or part of it) at some point.
Question: how stable is this API?
Also, I'm not an expert in crypto and security, so I'm wondering if
this is implementing what we think is now the state of the art for
storing encoded password. The intended usage may be different (Crypto
is used in the Http.scala). For example, I've found an old thread [2]
on this mailing list stating that "Crypto.passwordHash() is not secure
for hashing passwords", although I can't find passwordHash any longer.
Some people then advised (and proposed some code) that involves using
jBCrypt [3]. I've found similar concerns on the Web and Blowfish would
often be cited. Question: what is the Play Team's advice on these
concerns?
Last remark, I see two sets of functions in the Crypto API, one
involving HmacSHA1 and one with AES. The CryptoSpec [4] only
demonstrates the use of AES. I think I understand that I should use
Crypto.sign* and then the AES encrypt/decrypt functions to store user
passwords, but I'd like to know the rationale. Also, if this is the
case, maybe it would be good to add in the API a couple of dual
functions that would be specific to passwords and checking if they are
equal. That would dissipate many questions about how to use the Crypto
API. Question: where are these functions meant to be used?
Alexandre.
[1] https://github.com/playframework/Play20/blob/master/framework/src/play/src/main/scala/play/api/libs/Crypto.scala
[2] https://groups.google.com/forum/#!topic/play-framework/9KIUwWBjudQ/discussion
[3] http://www.mindrot.org/projects/jBCrypt/
[4] https://github.com/playframework/Play20/blob/master/framework/src/play/src/test/scala/play/api/libs/CryptoSpec.scala
Will Sargent
Feb 14, 2013, 3:31:48 PM2/14/13
to play-fr...@googlegroups.com
You should always use bcrypt or hash stretching algorithms for passwords -- the HMAC crypto in Play is more suitable for checking that a session has not been tampered with.
Arstechnica has a series of articles that go into more detail and are well written, or check out play2startapp.
Will.
--
You received this message because you are subscribed to the Google Groups "play-framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email to play-framewor...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
Will Sargent
Feb 14, 2013, 5:06:22 PM2/14/13
to play-fr...@googlegroups.com
Documentation (or just search on Arstechnica for "password"):
http://arstechnica.com/security/2012/08/hacked-blizzard-passwords-not-hard-to-crack/
http://arstechnica.com/security/2012/08/passwords-under-assault/
Play 2 starter application (in Java, but showing the principles):
https://github.com/yesnault/Play20StartApp
Will.
http://arstechnica.com/security/2012/08/hacked-blizzard-passwords-not-hard-to-crack/
http://arstechnica.com/security/2012/08/passwords-under-assault/
Play 2 starter application (in Java, but showing the principles):
https://github.com/yesnault/Play20StartApp
Will.
Daniel Manchester
Feb 14, 2013, 9:43:28 PM2/14/13
to play-fr...@googlegroups.com
Alexandre,
Will mentioned bcrypt... From the research I did, I concluded it's entirely sufficient on its own for the user-management scheme I'm implementing.
Thread [2] you listed is valuable background reading. One thing to note is that some of the complexity you see there comes from combining bcrypt with additional hashing. Basic bcrypt use needn't be any more complicated than what Jean-Francois included in his 3 Feb. 2012 post to the thread.
Regarding Jean-Francois's sample code, I should mention that the current download of jBCrypt seems to have moved the BCrypt class out of the "org.mindrot.jbcrypt" package and into the top-level, default one.
Oh, and you mentioned AES. As an encryption standard, it would allow recovery/decryption of a cleartext password from what you'd be storing, which generally isn't desirable. You'd want to stick with a one-way cryptographic technique like what bcrypt represents.
Dan
Will mentioned bcrypt... From the research I did, I concluded it's entirely sufficient on its own for the user-management scheme I'm implementing.
Thread [2] you listed is valuable background reading. One thing to note is that some of the complexity you see there comes from combining bcrypt with additional hashing. Basic bcrypt use needn't be any more complicated than what Jean-Francois included in his 3 Feb. 2012 post to the thread.
Regarding Jean-Francois's sample code, I should mention that the current download of jBCrypt seems to have moved the BCrypt class out of the "org.mindrot.jbcrypt" package and into the top-level, default one.
Oh, and you mentioned AES. As an encryption standard, it would allow recovery/decryption of a cleartext password from what you'd be storing, which generally isn't desirable. You'd want to stick with a one-way cryptographic technique like what bcrypt represents.
Dan
Alexandre Bertails
Feb 15, 2013, 2:16:48 PM2/15/13
to play-fr...@googlegroups.com
Thank you, Will and Daniel. jBCrypt [1] just works like a charm.
It would be good to have this information in the Play2 documentation
directly. At least, people should now be able to find this thread
using their favorite search engine :-)
Cheers,
Alexandre.
[1] http://www.mindrot.org/projects/jBCrypt/
It would be good to have this information in the Play2 documentation
directly. At least, people should now be able to find this thread
using their favorite search engine :-)
Cheers,
Alexandre.
[1] http://www.mindrot.org/projects/jBCrypt/
Reply all
Reply to author
Forward
0 new messages