HTTP basic auth sends credentials un-hashed and unencrypted over the wire, relying on TLS for confidentiality in transit. However, should the password be stored hashed using a standard KDF in the backend for comparison on receipt?
-
1What are you trying to achieve? Why store the passwords in the first place? – Bernhard Döbler Sep 11 '20 at 17:23
-
Passwords not using basic auth are also typically sent unhashed and unencrypted except for TLS. – multithr3at3d Sep 12 '20 at 22:52
2 Answers
Passwords in general should be stored hashed on the server, no matter if they are transferred within some HTTP POST body as a result of a form submit or if they are transferred in the HTTP header as in Basic authentication.
- 190,458
- 29
- 381
- 434
Yes, it should be. The default backend for HTTP Basic Auth is htpasswd, and it encrypts passwords*:
htpasswd encrypts passwords using either bcrypt, a version of MD5 modified for Apache, SHA1, or the system's crypt() routine. Files managed by htpasswd may contain a mixture of different encoding types of passwords; some user records may have bcrypt or MD5-encrypted passwords while others in the same file may have passwords encrypted with crypt().
If you're setting up an alternative backend, such as a database, then you should provide salting and hashing as strong protections against password compromise.
*Note that, per the manual, "The SHA and crypt() formats are insecure by today's standards."
- 72,355
- 17
- 162
- 199
-
13"*The default backend for HTTP Basic Auth…*" - why are you assuming the OP is using Apache? – Bergi Sep 11 '20 at 08:55
-
2Nginx also defaults to recommending htpasswd in their [admin guide](https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/). But you're correct that this answer skews towards the free, *nix-based alternatives that power [60% of the Internet](https://news.netcraft.com/archives/2019/09/27/september-2019-web-server-survey.html). – gowenfawr Sep 11 '20 at 13:11
-
@gowenfawr For a long time more than 60% of the internet didn't use HTTPS or used SSL3 and TLS1.0. "It's the default" isn't a very good argument for security - if anything it is probably a reason to be leery of it. None of the options listed by htpasswd seem up to the standards of 2020 for hashing passwords... who in their right mind would hash a password using "a version of MD5 modified for Apache"? bcrypt is the best option available and that one hasn't been state of the art for a decade. – Voo Sep 11 '20 at 15:19
-
4Reading the rest of the documentation gives me goosebumps.. "note that only the first 8 characters of the password are used to form the password. If the supplied password is longer, the extra characters will be silently discarded.". – Voo Sep 11 '20 at 15:21
-
@Voo being old enough to remember when crypt() was the only option that existed, I'm a little more optimistic than you about the newer algorithm support `htpasswd` tacks on... but it's a shame the tool didn't drop the backwards compatibility for generation (not validation) of passwords. – gowenfawr Sep 11 '20 at 15:34
-
@gowenfawr Sure you can make it reasonably secure. But the defaults are simply awful. Using bcrypt with a high number of rounds (most modern libraries use 12 or more as a default, not htpasswd's *5*) is reasonable if you don't care about hardware attacks, but why no PBKDF2 with SHA256 or scrypt? It just seems like a tool that hasn't seen serious development in a very long time (there's no algorithm supported that was developed this millennium) – Voo Sep 11 '20 at 15:55
-
2@Voo you're right, but what's the alternative for the average web dev? It's open source, you could always make a contribution (that also goes for myself and anyone here). Or is the answer just to modify the config and use bcrypt at 12 or 14 rounds? I don't disagree with anything you've said, but again, what's the alternative you recommend? – TCooper Sep 12 '20 at 00:08
-
@tCooper There's God knows how many libraries that support modern hashing algorithms for every modern programming language out there so that hasn't really been a problem for me. If you need some out of the box program, bcrypt with enough rounds is a decent solution for most scenarios. That said, the use cases for basic auth are pretty minimal these days to begin with. – Voo Sep 13 '20 at 08:50