normalperson (Eric Wong) wrote:
This is an old issue; and nowadays SHA-1 is on its way out...
Should we be looking at SHA-256 or something? (not a crypto expert)
I didn't think SHA-256 was supported in .htpasswd files. I suppose we could roll our own, but I figured the only reason crypt(3) was used was for compatibility with Apache .htpasswd files. According to the Apache documentation, there are 5 options for password formats (see https://httpd.apache.org/docs/2.4/misc/password_encryptions.html):
- bcrypt
- custom MD5
- SHA1
- crypt(3)
- plaintext
I don't believe Ruby supports bcrypt in the stdlib. I would be 100% for adding bcrypt support to the stdlib and using it in WEBrick, but that's a larger change.
The custom MD5 solution was Apache specific and fairly complex, and I didn't want to implement it.
Apache labels the SHA1 support "insecure". It's unsalted, so weak passwords would fall quickly to a rainbow table attack. While the first SHA1 collision attack was reported earlier this year, I don't believe anyone has shown an SHA1 preimage attack (where you can find a matching password given the hash), so it isn't truly insecure for very strong passwords (say 12 random characters).
Anyway, things have changed since I first put together this patch. I no longer think it makes sense to add support to WEBrick for anything besides bcrypt. Because bcrypt isn't currently in the stdlib, I think this can be closed.
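
The following Ruby sketch is an added example, not part of the original comment and not WEBrick code. It classifies `.htpasswd` entries by the formats listed above and shows why the unsalted `{SHA}` format is weak: users with the same password get identical hashes. The function names, the prefix heuristics and the sample entries are assumptions constructed for illustration.

```ruby
require 'digest/sha1'

# Apache's {SHA} format: "{SHA}" + Base64 of the raw SHA-1 digest, no salt.
def apache_sha1(password)
  '{SHA}' + [Digest::SHA1.digest(password)].pack('m0')
end

# Heuristic classification by prefix/shape (hypothetical helper).
# A 13-character plaintext value would be misread as crypt(3).
def htpasswd_scheme(hash)
  case hash
  when /\A\$2[aby]\$/             then :bcrypt   # common bcrypt prefixes
  when /\A\$apr1\$/               then :apr1_md5 # Apache's custom MD5
  when /\A\{SHA\}/                then :sha1
  when %r{\A[./0-9A-Za-z]{13}\z}  then :crypt    # traditional DES crypt(3)
  else :plaintext_or_unknown
  end
end

# Report each user's scheme and any groups of users whose {SHA} hashes
# are identical, which an unsalted format exposes to anyone reading the file.
def audit_htpasswd(text)
  entries = text.each_line(chomp: true).reject(&:empty?).map do |line|
    user, hash = line.split(':', 2)
    { user: user, hash: hash, scheme: htpasswd_scheme(hash) }
  end
  shared = entries.select { |e| e[:scheme] == :sha1 }
                  .group_by { |e| e[:hash] }
                  .values
                  .select { |group| group.size > 1 }
                  .map { |group| group.map { |e| e[:user] } }
  { schemes: entries.to_h { |e| [e[:user], e[:scheme]] }, shared_sha1: shared }
end

# Constructed sample file contents; the bcrypt value is a placeholder,
# only its prefix is inspected.
SAMPLE = <<~'HTPASSWD'
  alice:{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=
  bob:{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=
  carol:$2y$05$PLACEHOLDERPLACEHOLDERPLACEHOLDERPLACEHOLDERPLACEHOLD
  dave:rqXexS6ZhobKA
HTPASSWD

if __FILE__ == $PROGRAM_NAME
  report = audit_htpasswd(SAMPLE)
  report[:schemes].each { |user, scheme| puts "#{user}: #{scheme}" }
  report[:shared_sha1].each { |users| puts "same password: #{users.join(', ')}" }
end
```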