[Twisted-Python] Password hash for Perspective Brokers

Thu Jul 26 10:28:33 EDT 2012

	Hello
	I have a problem with checkers in Twisted, which could be solved by
adding a new feature. I think I can write the necessary code, but before
doing so, I would like to hear you about it.

# The problem

	If I am right, the only way passwords can be hashed when using
authentication with perspective brokers is using MD5 [1]. However, there
are two flaws with it.

* First, MD5 is no longer considered sure. It may be possible, from the
hashed password, to find the original one.
* Second, in the current implementation of Twisted, no salt is used to
hash the password. A salt is considered good practise : it is harder to
find the password from the hashed form, and two identical passwords have
different hashed form, which prevent someone looking at the hashed
passwords to see if two users have the same password.

# A solution

	I tried to implement the solution proposed in [1], and I think I can
manage to do it. However, this seems to be a not-so-smart hack, which is
not guaranteed to work in future releases of Twisted. That is why I am
proposing a patch.

	The patch would introduce some arguments to class PBServerFactory [2]
to use (or not) a salt, and a different hash function. I am not settled
down yet about the new signature of this class, but what is sure is that
the default must be the actual behaviour, not to break programs already
using Twisted. Then, I hesitate between

* two arguments (salt, hash) : salt is a boolean, telling whether to use
a salt or not ; hash is the function used to hash the password;

* one argument, with possible values being "legacy", "crypt" or "glib2",
where:

** "legacy": current behaviour : hashed passwords are md5 hashed
passwords without salt;
** "crypt" : crypt [3] behaviour (I would like it to be compatible with
[4]): hashed passwords are strings where the first two characters are
the salt, and the following ones are the hashed password (using this salt);
** "glib2" : glib2 [5] behaviour: hashed password is of the form
$ID$SALT$HASH, where ID identifies the encryption method, SALT being the
salt, and HASH being the password, hashed using given encryption method
and salt.

# My implementation

	I have not implemented it yet, but I you think my idea is good, I offer
to write it. I think I have understood well enough the relevant pieces
of code to do so. Of course, I would also write the corresponding tests.

	Some ideas or comments ?
	Cheers,
	Louis

[1] http://markmail.org/message/wlzmeesplsriym2a
[2]
http://twistedmatrix.com/documents/current/api/twisted.spread.pb.PBServerFactory.html
[3] http://man7.org/linux/man-pages/man3/crypt.3.html
[4] http://www.giuseppetanzilli.it/mod_auth_pgsql2/#encrypted
[5] http://www.gnu.org/software/libc/manual/html_node/crypt.html#crypt