Diffusion kolab 31bfd99f93c4

Authentication caching for passwords

Description

Authentication caching for passwords

Summary:
This gets the time for authentication from 160ms to 0.5ms.

If somebody were to get hold of the cacheId,
a dictionary attack on the password becomes feasible (because the hash function is fast).
We only store this value on the internal Redis instance, so the cacheId
could only be accessed if there already is a breach, and the alternative would be to lower the bcrypt rounds to 6, which results
in 4ms, but that affects data at rest.

In the current implementation we incur one slow request every 60s,
and thus would also discover e.g. a password change after 60s.

Differential Revision: https://git.kolab.org/D5090
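The scheme the commit message describes, as an added example (this is not code from the Kolab repository or from D5090): a password check that first looks up a fast-hash cacheId in a cache, falls through to the slow password hash only on a miss, and caches a successful result for 60s. Everything beyond the message is an assumption of this example: PBKDF2-HMAC-SHA256 stands in for bcrypt, a dict of cacheId -> (username, expiry) stands in for the internal Redis instance with a TTL, the cacheId is an HMAC under a server-side key (the page says only that it is a fast hash), a fake clock lets the TTL be exercised without waiting, and the names `PasswordAuthCache`, `authenticate` and `invalidate_user` are mine. The demo also walks through the trade-off the message points out: after a password change the old password keeps working until the cached cacheId expires, and the optional `invalidate_user` hook (not part of the page) closes that window.

```python
import hashlib
import hmac
import os
import time

# Stand-ins (assumptions for this example, not Kolab's implementation):
# PBKDF2-HMAC-SHA256 plays the role of bcrypt, and a dict of
# cacheId -> (username, expiry) plays the role of the internal Redis
# instance with a 60s TTL.
SLOW_ITERATIONS = 50_000
CACHE_TTL_SECONDS = 60


def slow_hash(password, salt):
    """Slow, salted password hash: the data-at-rest protection (bcrypt stand-in)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, SLOW_ITERATIONS)


def make_stored_credential(password):
    """Return (salt, hash) as it would be stored for a user account."""
    salt = os.urandom(16)
    return salt, slow_hash(password, salt)


class PasswordAuthCache:
    def __init__(self, cache_key, clock=time.monotonic):
        # Server-side secret for the cacheId. The commit message only requires a
        # fast hash; keying it means a dumped cache alone is not enough for an
        # offline dictionary attack (hardening assumed here, not from the page).
        self._cache_key = cache_key
        self._clock = clock
        self._entries = {}            # cacheId -> (username, expiry time)
        self.slow_verifications = 0   # number of fall-throughs to slow_hash

    def cache_id(self, username, password):
        msg = username.encode() + b"\x00" + password.encode()
        return hmac.new(self._cache_key, msg, hashlib.sha256).hexdigest()

    def authenticate(self, username, password, salt, stored_hash):
        cid = self.cache_id(username, password)
        now = self._clock()
        entry = self._entries.get(cid)
        if entry is not None and entry[1] > now:
            return True                               # fast path (the ~0.5ms case)
        self._entries.pop(cid, None)                  # absent or expired
        self.slow_verifications += 1                  # slow path (the ~160ms case)
        if not hmac.compare_digest(slow_hash(password, salt), stored_hash):
            return False                              # failures are never cached
        self._entries[cid] = (username, now + CACHE_TTL_SECONDS)
        return True

    def invalidate_user(self, username):
        """Drop every cached entry for a user, e.g. on password change.
        Added here; the revision as described simply waits out the 60s."""
        stale = [cid for cid, (u, _) in self._entries.items() if u == username]
        for cid in stale:
            del self._entries[cid]
        return len(stale)


class FakeClock:
    """Controllable clock so the TTL behaviour can be exercised without sleeping."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


def demo():
    clock = FakeClock()
    auth = PasswordAuthCache(cache_key=os.urandom(32), clock=clock)
    salt, stored = make_stored_credential("correct horse")   # constructed sample account
    results = {}
    results["first"] = auth.authenticate("alice", "correct horse", salt, stored)   # slow path
    results["second"] = auth.authenticate("alice", "correct horse", salt, stored)  # cache hit
    results["wrong"] = auth.authenticate("alice", "wrong horse", salt, stored)     # slow path, fails
    results["slow_after_three"] = auth.slow_verifications
    # Password change: the stored hash is replaced, the cached cacheId is not.
    salt, stored = make_stored_credential("new password")
    results["old_pw_within_ttl"] = auth.authenticate("alice", "correct horse", salt, stored)
    clock.now += CACHE_TTL_SECONDS + 1
    results["old_pw_after_ttl"] = auth.authenticate("alice", "correct horse", salt, stored)
    results["new_pw"] = auth.authenticate("alice", "new password", salt, stored)
    # With explicit invalidation the 60s window disappears.
    results["invalidated"] = auth.invalidate_user("alice")
    results["new_pw_after_invalidate"] = auth.authenticate("alice", "new password", salt, stored)
    results["slow_total"] = auth.slow_verifications
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Two points worth noting from the run: the old password is still accepted within the TTL after the change (the "discover a password change after 60s" behaviour the message describes), and only successful checks are cached, so a wrong guess always pays the slow-hash cost and cannot be used to probe the cache.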

Details

Provenance
mollekopf: authored on Wed, Jan 22, 11:00 PM
mollekopf: pushed on Mon, Jan 27, 10:57 AM
Differential Revision
D5090: Authentication caching for passwords
Parents
rK8693cb4b2a7e: Fix error when authenticating with simple, but long password
Branches
Unknown
Tags
Unknown
Build Status
Buildable 52638