Provide alternative for MD5 hashing in remember me token #8549
Comments
islamazhar
added
status: waiting-for-triage
|
Thanks for creating this issue. In modern applications, I'd recommend using Spring Session's Remember Me support which allows you to easily offload the session into a data store without the need for cryptography. I do agree that MD5 is not a good choice. Would you like to provide a pull request that provides the option to use SHA-256? |
rwinch
added
in: web
|
Hello @islamazhar thanks for raising this issue. Hello @rwinch I have raised the PR for the fix. I have updated the tests as well. Please check the PR (#8591). This is my first PR in any Open Source project. Happy to start my journey in the security field I love the most!! |
|
Hi @rwinch it would be great if you can a look at the PR. I am excited to add my first contribution |
|
@aswinmahendiran There is a duplicate PR #8580 (I have requested changes on it) Can you work with @islamazhar on which of you is sending a PR? |
A hashing algorithm property is added to TokenBasedRememberMeServices to choose which algorithm is used when creating new Remember Me tokens. This implementation is intended to preserve compatibility both with Remember Me tokens that do not specify a hashing algorithm, and with subclasses of TokenBasedRememberMeServices. Closes spring-projectsgh-8549
|
@islamazhar @aswinmahendiran not sure if either of you are still interested in this issue, but I have a PR at #9392 that supports SHA256 tokens without changing the existing behavior and allows for a future change of the default algorithm. I tried to update relevant parts of the documentation and tests accordingly. |
A hashing algorithm property is added to TokenBasedRememberMeServices to choose which algorithm is used when creating new Remember Me tokens. This implementation is intended to preserve compatibility both with Remember Me tokens that do not specify a hashing algorithm, and with subclasses of TokenBasedRememberMeServices. Closes spring-projectsgh-8549
|
Given this is a breaking change we should consider it for 6.0.x or close it |
marcusdacoregio
changed the title
github-actions
bot
added
the
status: backported
Expected Behavior
To hash passwords and secret keys a secure hashing algorithm (e.g., SHA256) should be used.
Current Behavior
The current
Simple Hash-Based Token Approachuses MD5 hash digest for hashingpasswordandsecret-keyinRemember-Me Authentication.Corresponding Javadoc link and source code link
Context
MD5 is already proven to be a weak hashing algorithm and vulnerable against collision attacks [1] and modular differential attacks [2]. Hence I suggest using a secure hashing algorithm such as SHA-256 instead of already broken MD5 for
remember me token.References
[1] Den Boer and A. Bosselaers, “Collisions for the compression function of MD5,” in Workshop on the Theory and Application of CryptographicTechniques, pp. 293–304, Springer, 1993
[2] Wang, Xiaoyun, and Hongbo Yu. "How to break MD5 and other hash functions." Annual international conference on the theory and applications of cryptographic techniques. Springer, Berlin, Heidelberg, 2005.
The text was updated successfully, but these errors were encountered: