Rails - Feb 2005 - Setting passwords for users (Login Generator)

Hi all,

I have just setup logins and am trying to create another user. Instead 
of going along the signup way I tried to insert a row in the DB 
directly (I will not have users signup, I will be creating them 
manually and the signup action will be disabled when I am finished)*:

insert into users (login, password) values (''myname'',
sha1(''mypass''));

The row gets inserted properly, but when trying to login as the new 
user the login is rejected?

Any ideas where it might be failing?

Using Rails 0.10.0, MySQL 4.0.23 and the updated LoginGenerator.

Many thanks in advance!

-- Nicky

* would simply deleting the signup method from the controller leave any 
door open?

Nickolay Kolev <nmkolev-OhoefBWHl6Eb1SvskN2V4Q@public.gmane.org> wrote:
> insert into users (login, password) values (''myname'',
sha1(''mypass''));
> 
> The row gets inserted properly, but when trying to login as the new
> user the login is rejected?
You didn''t include the "salt" string (from user.rb):

Digest::SHA1.hexdigest("change-me--#{pass}--")

An even better approach would be to combine the username and
password into a single string before running sha1 on it, so that two
users with the same password will generate different hashes.

-- 
Regards,
Stian Grytøyr

> An even better approach would be to combine the username and
> password into a single string before running sha1 on it, so that two
> users with the same password will generate different hashes.
True-ish. If you do this there will be no way for users to change
login name without changing the password. If you use email instead of
login this can be a problem.

-- 
Tobi
http://www.snowdevil.ca - Snowboards that don''t suck
http://www.hieraki.org   - Open source book authoring
http://blog.leetsoft.com - Technical weblog

> You didn''t include the "salt" string (from user.rb):
>
> Digest::SHA1.hexdigest("change-me--#{pass}--")
Thanks guys, I should have looked at the code...

Any opinion on deleting the signup method?

-- Nicky

On Sun, 27 Feb 2005 03:18:07 -0500, Tobias Luetke
<tobias.luetke-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > An even better approach would be to combine the username and
> > password into a single string before running sha1 on it, so that two
> > users with the same password will generate different hashes.
 
> True-ish. If you do this there will be no way for users to change
> login name without changing the password. If you use email instead of
> login this can be a problem.
To get around this, couldn''t you use the user id (primary key)?  

-- 
Tom Ward

On Sun, 27 Feb 2005 09:17:23 +0000, Tom Ward
<tom.ward-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> On Sun, 27 Feb 2005 03:18:07 -0500, Tobias Luetke
> <tobias.luetke-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> 
> > > An even better approach would be to combine the username and
> > > password into a single string before running sha1 on it, so that
two
> > > users with the same password will generate different hashes.
> 
> > True-ish. If you do this there will be no way for users to change
> > login name without changing the password. If you use email instead of
> > login this can be a problem.
> 
> To get around this, couldn''t you use the user id (primary key)?
Scratch that, I''ve just worked out why you can''t . . . ! 

-- 
Tom Ward

Tobias Luetke <tobias.luetke-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> True-ish. If you do this there will be no way for users to change
> login name without changing the password. If you use email instead of
> login this can be a problem.
That''s true, so on my own sites there is no way to change the login
name, by design. I suppose one could add a random string to each
user object and use that as the salt if this is a concern.

Actually, I think the ideal solution is to use a salt (different for each user) 
as well as a "magic" string for each site. That way, you not only 
guarantee that different users with the same password will have different 
hashes, you also make sure that a compromised username/password 
combo can not be used on a different site with the same password 
mechanism. This might seem rather paranoid, but it''s simple to
implement,
so I tend to do it.

-- 
Regards,
Stian Grytøyr

On my sites the salt is generated from a mix of the time the password
is created and a little secret loving (okay, the name of the machine
the site is running off of). Using the seconds of time, I should not
get anyone with the same salt. If all my users changed their passwords
at the exact same time, it''s possible they''d have similar
salts. I''m
just not too worried about that.

~Travis


On Sun, 27 Feb 2005 12:53:27 +0100, Stian Grytøyr
<sgrytoyr-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> Actually, I think the ideal solution is to use a salt (different for each
user)
> as well as a "magic" string for each site. That way, you not only
> guarantee that different users with the same password will have different
> hashes, you also make sure that a compromised username/password
> combo can not be used on a different site with the same password
> mechanism. This might seem rather paranoid, but it''s simple to
implement,
> so I tend to do it.

On Sun, Feb 27, 2005 at 09:50:57AM +0100, Nickolay Kolev
wrote:
> >You didn''t include the "salt" string (from user.rb):
> >
> >Digest::SHA1.hexdigest("change-me--#{pass}--")
I missed the beginning of this thread, but I just wanted to mention
that SHA-1 recently had a new attack discovered against it. 

This is probably not a problem right now for anything, and almost
certainly not a problem if your message space is smaller than the hash
space (as it is with common-length passwords), but as a matter of
course, you should be looking at more resilient hash algorithms.

More detail on this is here:

http://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html


-- 
				- Adam

-----
** My new project --> http://www.visiognomy.com/daily
   **  Flagship blog --> http://www.aquick.org/blog
Hire me: [ http://www.adamfields.com/Adam_Fields_Resume.htm ]
Links:   [ http://del.icio.us/fields ]
Photos:  [ http://www.aquick.org/photoblog ]

On Feb 27, 2005, at 7:07 PM, Adam Fields wrote:
> On Sun, Feb 27, 2005 at 09:50:57AM +0100, Nickolay Kolev wrote:
>>> You didn''t include the "salt" string (from
user.rb):
>>>
>>> Digest::SHA1.hexdigest("change-me--#{pass}--")
>
> I missed the beginning of this thread, but I just wanted to mention
> that SHA-1 recently had a new attack discovered against it.
>
> This is probably not a problem right now for anything, and almost
> certainly not a problem if your message space is smaller than the hash
> space (as it is with common-length passwords), but as a matter of
> course, you should be looking at more resilient hash algorithms.
I would not worry to much about it. From a web-app point of view all 
hashing algorithms are as weak/strong as the number of requests you can 
handle for a brute force attack on a user account. Wether you use 
SHA-1, MD5 of *plain text* password really makes no difference.

  S.

Interesting, And when the user logs in how do you figure out what time
the password might have been generated at?

On Sun, 27 Feb 2005 09:51:32 -0500, Travis Smith
<zultan.durin-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> On my sites the salt is generated from a mix of the time the password
> is created and a little secret loving (okay, the name of the machine
> the site is running off of). Using the seconds of time, I should not
> get anyone with the same salt. If all my users changed their passwords
> at the exact same time, it''s possible they''d have similar
salts. I''m
> just not too worried about that.
> 
> ~Travis
-- 
Tobi
http://www.snowdevil.ca - Snowboards that don''t suck
http://www.hieraki.org   - Open source book authoring
http://blog.leetsoft.com - Technical weblog

On Sun, Feb 27, 2005 at 07:13:58PM +0100, Stefan Arentz
wrote:
> 
> On Feb 27, 2005, at 7:07 PM, Adam Fields wrote:
> 
> >On Sun, Feb 27, 2005 at 09:50:57AM +0100, Nickolay Kolev wrote:
> >>>You didn''t include the "salt" string (from
user.rb):
> >>>
> >>>Digest::SHA1.hexdigest("change-me--#{pass}--")
> >
> >I missed the beginning of this thread, but I just wanted to mention
> >that SHA-1 recently had a new attack discovered against it.
> >
> >This is probably not a problem right now for anything, and almost
> >certainly not a problem if your message space is smaller than the hash
> >space (as it is with common-length passwords), but as a matter of
> >course, you should be looking at more resilient hash algorithms.
> 
> I would not worry to much about it. From a web-app point of view all 
> hashing algorithms are as weak/strong as the number of requests you can 
> handle for a brute force attack on a user account. Wether you use 
> SHA-1, MD5 of *plain text* password really makes no difference.
Probably true. Even if not - the password space is smaller than even
the compromised SHA-1 search space (i.e.: it''s easier to guess the
password itself than try to find a collision on the hash).

However, in general, it''s worth noting that if you are using a one-way
hash function for something else, think twice about using SHA-1.

Anyway...

-- 
				- Adam

-----
** My new project --> http://www.visiognomy.com/daily
   **  Flagship blog --> http://www.aquick.org/blog
Hire me: [ http://www.adamfields.com/Adam_Fields_Resume.htm ]
Links:   [ http://del.icio.us/fields ]
Photos:  [ http://www.aquick.org/photoblog ]

The salt is part of the generated hash. The first so many characters
(depending on the algorithm used to generate the hash). You can simply
remove those characters from the stored hash, use it as the salt for
the hash you are comparing it with and check to see if they are equal.

On Sun, 27 Feb 2005 13:29:55 -0500, Tobias Luetke
<tobias.luetke-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> Interesting, And when the user logs in how do you figure out what time
> the password might have been generated at?
>
> On Sun, 27 Feb 2005 09:51:32 -0500, Travis Smith
<zultan.durin-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > On my sites the salt is generated from a mix of the time the password
> > is created and a little secret loving (okay, the name of the machine
> > the site is running off of). Using the seconds of time, I should not
> > get anyone with the same salt. If all my users changed their passwords
> > at the exact same time, it''s possible they''d have
similar salts. I''m
> > just not too worried about that.
> >
> > ~Travis
>
> --
> Tobi
> http://www.snowdevil.ca - Snowboards that don''t suck
> http://www.hieraki.org   - Open source book authoring
> http://blog.leetsoft.com - Technical weblog
>