undefined | Better HN

0 pointsjedisct11y ago0 comments

hmac-bcrypt solves that problem very well, and should replace plain bcrypt: https://github.com/epixoip/hmac-bcrypt

0 comments

I don't think it's a good idea for people to adopt new bcrypt constructions so that they can use it to generate cache keys (or, worse, other keys).

(I need that "man standing up in the town hall meeting" meme for this.)

Just use a real KDF, if that's really what you want. I'm still confused what password-derived material is doing in a Redis key.

petedoyle1y ago

Maybe they wanted some cached data to get invalidated if users change their passwords?

duskwuff1y ago

Then use some other data which can act as a proxy for that, like the date of the last credential change. Using the password itself is a terrible security smell.

GoblinSlayer1y ago

By cache they mean cached credentials.

>The user previously authenticated creating a cache of the authentication

Maybe, it's a password encrypted secret token.

GoblinSlayer1y ago

On the other hand Redis on the server side makes more sense as an LDAP backup, but then mapping should be user id -> bcrypt hash.

earnestinger1y ago

Could you give an example of real KDF?

aaronmdjones1y ago

I'm not the person you're replying to, but HKDF and PBKDF2

pclmulqdq1y ago

HMAC-bcrypt is a more complicated version of the first construction I proposed, and it would need a rigorous cryptanalysis if someone wanted to actually use it in production. It sounds like Okta actually wanted PBKDF2(stuff) here.

An authentication company should have known this...

tptacek1y ago

I feel like the "authentication company should have known" thing is unuseful; most developers at "security" companies are just ordinary generalist developers. Ironically, I think they boned themselves by trying to be too clever here, not too casual.

smw1y ago

You don't think a company whose entire reason for being is providing security services for other companies should have designs related to authentication reviewed by security experts?

5 more replies

pclmulqdq1y ago

Being too clever and being too casual are the same thing when it comes to matters of math.

j / k navigate · click thread line to collapse

0 comments

tptacek1y ago

I don't think it's a good idea for people to adopt new bcrypt constructions so that they can use it to generate cache keys (or, worse, other keys).

(I need that "man standing up in the town hall meeting" meme for this.)

Just use a real KDF, if that's really what you want. I'm still confused what password-derived material is doing in a Redis key.

petedoyle1y ago

Maybe they wanted some cached data to get invalidated if users change their passwords?

duskwuff1y ago

Then use some other data which can act as a proxy for that, like the date of the last credential change. Using the password itself is a terrible security smell.

GoblinSlayer1y ago

By cache they mean cached credentials.

>The user previously authenticated creating a cache of the authentication

Maybe, it's a password encrypted secret token.

GoblinSlayer1y ago

On the other hand Redis on the server side makes more sense as an LDAP backup, but then mapping should be user id -> bcrypt hash.

earnestinger1y ago

Could you give an example of real KDF?

aaronmdjones1y ago

I'm not the person you're replying to, but HKDF and PBKDF2

pclmulqdq1y ago

An authentication company should have known this...

tptacek1y ago

smw1y ago

You don't think a company whose entire reason for being is providing security services for other companies should have designs related to authentication reviewed by security experts?

5 more replies

pclmulqdq1y ago

Being too clever and being too casual are the same thing when it comes to matters of math.

j / k navigate · click thread line to collapse