Page MenuHomePhabricator
Create Task
Maniphest T216682

Switch WMF production to Argon2 password hashes
Closed, ResolvedPublic
Actions

Description

Argon2 is a new-generation key derivation algorithm that was designed to resist side-channel (i variants) and GPU brute force (d variants), unlike our current PBKDF2. Now that we have Argon2 support in core, we should talk about protecting our users with it.

  • Argon2i requires PHP 7.2
  • Argon2id requires PHP 7.3

We need to determine whether we want to wait for PHP 7.3 to get Argon2id, and determine algorithm parameters (memory cost, time cost and thread count).

Blocked on completion of T176370: Migrate to PHP 7 in WMF production.

Details

SubjectRepoBranchLines +/-
Use encrypted Argon2 Hashes to store user passwordsoperations/mediawiki-configmaster+15 -1
Make EncryptedPassword work with Argon2Passwordmediawiki/coreREL1_40+23 -0
Make EncryptedPassword work with Argon2Passwordmediawiki/coreREL1_39+23 -0
Make EncryptedPassword work with Argon2Passwordmediawiki/coreREL1_41+23 -0
Make EncryptedPassword work with Argon2Passwordmediawiki/coreREL1_42+23 -0
Make EncryptedPassword work with Argon2Passwordmediawiki/coremaster+23 -0
Customize query in gerrit

Related Objects

Event Timeline

MaxSem created this task.Feb 21 2019, 8:03 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 21 2019, 8:03 AM
MaxSem added a subtask: T176370: Migrate to PHP 7 in WMF production.Feb 21 2019, 8:04 AM
Bawolff subscribed.Feb 21 2019, 6:11 PM

Argon2 is a new-generation key derivation algorithm that was designed to resist side-channel (i variants) and GPU brute force (d variants), unlike our current PBKDF2. Now that we have Argon2 support in core, we should talk about protecting our users with it.

Its been a while since I read up on these, but I thought Argon2i is meant to resist side-channel leaks relative to other variants of Argon2, not necessarily in comparison to SHA512-PBKDF.

Memory hardness/GPU-resistence would be the big win here. The i variant is still a very significant improvement over SHA512-PBKDF in that category.

FYI: The argon2 paper suggests parameters of 0.5 seconds, 1 GB ram, and 2 threads for password hashing with argon2i. We should probably make our own determinations, and I'm not sure how old the recommendation in the paper is, but at least that's a starting point.

Bawolff edited projects, added Security-Team; removed acl*security.Feb 21 2019, 6:11 PM
Bawolff awarded a token.Feb 21 2019, 6:18 PM
Jdforrester-WMF subscribed.Mar 15 2019, 1:13 AM
Krinkle updated the task description. (Show Details)EditedMar 26 2019, 4:40 PM
Krinkle removed a subtask: T176370: Migrate to PHP 7 in WMF production.
Krinkle subscribed.

De'refing the sub tree for now as it's really its own project. Hopefully makes the graph a bit easier to follow and makes space for other sub tasks that are more directly related to this initiative.

Krinkle moved this task from Untriaged to Wikimedia production on the PHP 7.2 support board.Apr 16 2019, 12:34 AM
Krinkle removed projects: PHP 7.3 support, PHP 7.2 support.Apr 25 2019, 9:33 PM

This issue is blocked on PHP 7.2 deployment being completed but is not itself a problem to be solved before PHP 7.2+ can be considered adopted/supported.

MaxSem added a comment.May 15 2019, 2:04 AM

Meanwhile, PBKDF2 is now considered a "last resort" algorithm (and we're doing only 30K iterations compared to 85K recommended).

Krenair subscribed.May 15 2019, 2:06 AM
MaxSem closed this task as Declined.Jul 2 2019, 2:37 AM

Unfortunately, Argon2 will most likely be broken in a backwards-incompatible way in PHP 7.4: https://wiki.php.net/rfc/sodium.argon.hash

Can't trust it right now.

Bawolff added a comment.Jul 2 2019, 9:41 AM
In T216682#5298861, @MaxSem wrote:

Unfortunately, Argon2 will most likely be broken in a backwards-incompatible way in PHP 7.4: https://wiki.php.net/rfc/sodium.argon.hash

Can't trust it right now.

I just skimmed the rfc - at first glance it looks like its backwards compatible as long as we specify a non-default cost of at least 3

Rxy subscribed.Aug 13 2019, 10:57 PM
sbassett moved this task from Incoming to Our Part Is Done on the Security-Team board.Aug 30 2019, 4:11 PM
AntiCompositeNumber mentioned this in T285152: Set password max length at 128 characters.Jul 1 2021, 9:29 PM
Perryprog reopened this task as Open.EditedNov 8 2021, 4:37 PM
Perryprog subscribed.

We're on PHP 7.2 now and the part mentioned earlier has been struck in the standard, so this may be worth a second look.

sbassett edited projects, added Security; removed Security-Team.Nov 8 2021, 5:05 PM
PleaseStand mentioned this in T320929: Deploy MediaWiki config change to use OpenSSL for PBKDF2 password hashing.Oct 17 2022, 8:34 AM
Reedy added a project: WMF-General-or-Unknown.May 4 2024, 11:41 PM
Zabe subscribed.May 5 2024, 1:25 PM
gerritbot added a comment.May 8 2024, 12:51 PM

Change #1029183 had a related patch set uploaded (by Zabe; author: Zabe):

[operations/mediawiki-config@master] Use encrypted Argon2 Hashes to store user passwords

https://gerrit.wikimedia.org/r/1029183

gerritbot added a project: Patch-For-Review.May 8 2024, 12:51 PM
gerritbot added a comment.May 8 2024, 5:05 PM

Change #1029225 had a related patch set uploaded (by Zabe; author: Zabe):

[mediawiki/core@master] Make EncryptedPassword work with Argon2Password

https://gerrit.wikimedia.org/r/1029225

gerritbot added a comment.May 8 2024, 8:47 PM

Change #1029225 merged by jenkins-bot:

[mediawiki/core@master] Make EncryptedPassword work with Argon2Password

https://gerrit.wikimedia.org/r/1029225

ReleaseTaggerBot added a project: MW-1.43-notes (1.43.0-wmf.5; 2024-05-14).May 8 2024, 9:00 PM
gerritbot added a comment.May 9 2024, 6:44 AM

Change #1029252 had a related patch set uploaded (by Zabe; author: Zabe):

[mediawiki/core@REL1_39] Make EncryptedPassword work with Argon2Password

https://gerrit.wikimedia.org/r/1029252

gerritbot added a comment.May 9 2024, 6:44 AM

Change #1029253 had a related patch set uploaded (by Zabe; author: Zabe):

[mediawiki/core@REL1_40] Make EncryptedPassword work with Argon2Password

https://gerrit.wikimedia.org/r/1029253

gerritbot added a comment.May 9 2024, 6:45 AM

Change #1029254 had a related patch set uploaded (by Zabe; author: Zabe):

[mediawiki/core@REL1_41] Make EncryptedPassword work with Argon2Password

https://gerrit.wikimedia.org/r/1029254

gerritbot added a comment.May 9 2024, 6:45 AM

Change #1029255 had a related patch set uploaded (by Zabe; author: Zabe):

[mediawiki/core@REL1_42] Make EncryptedPassword work with Argon2Password

https://gerrit.wikimedia.org/r/1029255

gerritbot added a comment.May 9 2024, 7:18 AM

Change #1029255 merged by jenkins-bot:

[mediawiki/core@REL1_42] Make EncryptedPassword work with Argon2Password

https://gerrit.wikimedia.org/r/1029255

gerritbot added a comment.May 9 2024, 7:18 AM

Change #1029252 merged by jenkins-bot:

[mediawiki/core@REL1_39] Make EncryptedPassword work with Argon2Password

https://gerrit.wikimedia.org/r/1029252

gerritbot added a comment.May 9 2024, 7:19 AM

Change #1029254 merged by jenkins-bot:

[mediawiki/core@REL1_41] Make EncryptedPassword work with Argon2Password

https://gerrit.wikimedia.org/r/1029254

gerritbot added a comment.May 9 2024, 7:22 AM

Change #1029253 merged by jenkins-bot:

[mediawiki/core@REL1_40] Make EncryptedPassword work with Argon2Password

https://gerrit.wikimedia.org/r/1029253

ReleaseTaggerBot added projects: MW-1.40-notes, MW-1.42-notes, MW-1.41-notes, MW-1.39-notes.May 9 2024, 8:00 AM
Zabe claimed this task.May 10 2024, 8:46 PM
gerritbot added a comment.May 21 2024, 10:56 PM

Change #1029183 merged by jenkins-bot:

[operations/mediawiki-config@master] Use encrypted Argon2 Hashes to store user passwords

https://gerrit.wikimedia.org/r/1029183

Stashbot added a comment.May 21 2024, 10:56 PM

Mentioned in SAL (#wikimedia-operations) [2024-05-21T22:56:51Z] <zabe@deploy1002> Started scap: Backport for [[gerrit:1029183|Use encrypted Argon2 Hashes to store user passwords (T150647 T216682)]]

Stashbot mentioned this in T150647: Deploy EncryptedPassword to Wikimedia Sites.May 21 2024, 10:56 PM
Stashbot added a comment.May 21 2024, 10:59 PM

Mentioned in SAL (#wikimedia-operations) [2024-05-21T22:59:31Z] <zabe@deploy1002> zabe: Backport for [[gerrit:1029183|Use encrypted Argon2 Hashes to store user passwords (T150647 T216682)]] synced to the testservers (https://wikitech.wikimedia.org/wiki/Mwdebug)

Stashbot added a comment.May 21 2024, 11:23 PM

Mentioned in SAL (#wikimedia-operations) [2024-05-21T23:23:43Z] <zabe@deploy1002> Finished scap: Backport for [[gerrit:1029183|Use encrypted Argon2 Hashes to store user passwords (T150647 T216682)]] (duration: 26m 51s)

Maintenance_bot removed a project: Patch-For-Review.May 21 2024, 11:31 PM
Zabe closed this task as Resolved.May 28 2024, 9:46 PM
Zabe mentioned this in T366130: Password Hash is always regenerated when logging in when using EncryptedPassword.May 29 2024, 12:31 AM
Ladsgroup awarded a token.Mon, Jun 24, 12:28 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits