Passwords are hashed client-side and server-side. Https should still be used in client server communication.

Client-side hashing must follow our specifications to ensure interoperability between multiple clients.

  • Passwords are salted with the username, the tenant name, and the top-level of the domain.
  • Salt ordering is user name, then tenant then top-level domain. No delimiters are used.
  • Passwords and salts are base 64 encoded.
  • Passwords are hashed using PBKDF2 with Hmac SHA1
  • Key stretching is 4096 iterations
  • Key size is 256.

Server-side hashing

  • Passwords are hashed using PBKDF2 with Hmac SHA1
  • Passwords are salted with a variable salt saved with the user account and containing 32 bytes.
  • For the first version, hashing is slowed using a fixed amount of key stretching of 4096 iterations. Because we do not know which hardware isis will be running on, we will save the key stretching with the password salt in preparation for making this stretch parameter configurable in a future version.
  • Passwords are also salted with a fixed salt (or so called "secret key") defined per tenant and saved with the tenant data. In future versions we should explore ways to make storage of the secret key more secure.
  • Hash comparisons are performed in length constant time.

Password strength enforcement is a client-side concern

  • In the first version, we do not store past passwords to prevent users from using old passwords.
  • The server does not check password strength.

References:

  • No labels