[7.0]Auth crypt encrypts passwords lazily and deactivated users will never have password encrypted
Bug #1280152 reported by
Nicolas Bessi - Camptocamp
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Odoo Addons (MOVED TO GITHUB) |
Fix Released
|
Medium
|
OpenERP's Framework R&D |
Bug Description
Auth_crypt module use by default md5 hash instead of the proposed sha256.
Sadly this implementation is broken.
Also passwords are only encrypted when user log in for the first time.
So deactivated usesr will never have their password encrypted.
Regards
Nicolas
Related branches
lp:~camptocamp/ocb-addons/improve_auth_crypt-nbi
- Laurent Mignon (Acsone) (community): Approve
- Holger Brunn (Therp): Approve (code review)
- Stefan Rijnhart (Opener): Pending requested
- Alexandre Fayolle - camptocamp: Pending (code review, no test) requested
- Nicolas Bessi - Camptocamp: Pending requested
-
Diff: 67 lines (+30/-6)1 file modifiedauth_crypt/auth_crypt.py (+30/-6)
lp:~camptocamp/openobject-addons/improve_auth_crypt_3_please_launchpad_work-nbi
- Olivier Dony (Odoo): Needs Fixing
-
Diff: 67 lines (+30/-6)1 file modifiedauth_crypt/auth_crypt.py (+30/-6)
To post a comment you must log in.
Hi Nicolas,
As we discussed on Twitter, this bug report contains 2 different issues:
1) auth_crypt in 7.0 encrypts user passwords lazily, instead of immediately forcing the encryption at install
2) auth_crypt only supports the deprecated md5_crypt algorithm, while more secure options are recommended (the code contains a partial attempt to introduce a sha256 algorithm but it was never completed)
Let's focus on issue 1) in this bug report, and address 2) in another (wishlist) improvement request for trunk.
Regarding the latter, instead of trying to fix the current sha256 method I suggest to remove all algorithms from auth_crypt and depend on the passlib implementation (it's now officially included in Debian 7.0, so we could add this dependency in v8). Passlib supports our current md5_crypt passwords, so it would be easy to integrate it, and switch to a modern default for new passwords (sha256 or 512 for example). We can further discuss it on another bug report if you would like to work on it.
Thanks,