Hydra: upgrade hashes to Argon2

In collaboration between https://www.floxdev.com/ and https://determinate.systems/, I’ve closed one of Hydra’s longest standing open issues. Hydra has for a long time stored passwords hashed with unsalted sha1. Once my PR merges, Hydra will use Argon2 for all new passwords and existing sha1 hashes will be upgraded to Argon2 transparently.

I recommend having all of your users logging in to have their hashes upgraded as soon as possible, and it would be prudent to have them change their passwords as well.


Do you know if and how this interacts with LDAP login?

Reading the LDAP login code, it apparently sets the password in the database to !, so… idk if that does anything?

This should have no impact on LDAP, the authentication codepaths ignore the dbic “realm” when authenticating with LDAP. I checked that the integrated LDAP test passes, since I was worried about that too.

1 Like

From a quick look at the PR is looks like users will be upgraded on first successful login after the deployment. You may find yourself with old style passwords hanging around in your database for a long time for people who don’t log in regularly.

An approach I used in a similar situation a while back is to use argon2 with the currently stored sha1 hash and save that result. Validation of older passwords becomes (simplifying a little here)L constant_time_compare(stored_hash, argon2(sha1(plaintext))).

This gives the same level of protection as direct argon2 in the event of a data leak. It does add a little complexity in validating older passwords, but depending on the situation it may be worth it. You can then either store a flag so you know what type of comparison to make, or fall back to assuming it’s been sha1 encoded first in the event of a failure. Though I would favour the flag method. Still upgrade them to direct argon2 when a successful authentication happes for consistency.

You can apply this if and when you need it later on. Just something you may want to consider if you haven’t already.

1 Like

Thank you for pointing this out, @wkral ! I found identical advice on the OWASP page. I submitted, merged, and deployed a PR implementing this: Rehash existing sha1 passwords with Argon2 by grahamc · Pull Request #916 · NixOS/hydra · GitHub Thank you!

Excellent, glad to be of help. I couldn’t remember where I picked it up from, but for all I can remember it might have been that same article.

1 Like