Securely Storing User Passwords
Account password storage is an important topic, and one that has drawn increased scrutiny in recent years thanks to a series of high-profile security breaches at major companies.
Cerberus FTP Server never stores user account passwords. Instead, the server stores a representation of the password, called a cryptographic hash, for each user account. Administrators can choose from several different hashing algorithms, including:
- PBKDF2 HMAC SHA256 (v7.0 and higher)
- PBKDF2 HMAC SHA512 (v7.0 and higher)
The default hash used in Cerberus FTP Server 5.0 and 6.0 is SHA256. The deault hash in 7.0 and higher is PBKDF2 HMAC SHA256 with 5000 round iteration count (the default iteration count is configurable in the Cerberus settings.xml file).
In all cases, Cerberus combines a cryptographically secure pseudo-random, per-password salt that is half the length of the hash being used.
For example, for a SHA256 password hash, Cerberus combines a 128 bit random salt (SHA256 hashes are 256 bits in length) with the password. The combined salt and password are then hashed with SHA256. The unique salt and salted password hash are then saved with each user account in base16 format.
Steps to create a password hash string
The following steps are for anyone looking to manually convert a password for storage in Cerberus. This can be useful for importing hashes from other systems for CSV import.
- Serialize your cryptographic salt value into byte array
- Serialize your UTF8-encoded password string into a byte array
- Combine the salt byte array and the password byte array into a single byte array by adding the password array after the salt array (salt + password).
- Run your hashing algorithm on the combined salt + password array. This is your hashed password.
- Create a new array that is a combination of your salt array and your password hash array (salt + password hash)
- Encode the salt + password hash array as a base16 string. The resulting base16 string is how Cerberus stores a password.
Cerberus can technically handle any salt length. We already know the length of the hash based on the hash type. Any additional bytes before the hash are considered salt.
Changing the Storage Format
Whenever the underlying password storage format is changed (e.g., SHA256 to SHA512), any existing password hashes will remain in the format they were in when they were last set. The system has no knowledge of the original password, so existing hashes cannot be recomputed with the new storage algorithm.
However, when a user successfully logs into the server, Cerberus will make sure the existing password hash algorithm matches the currently selected algorithm. If the password hash associated with the user account is not using the current default storage hash algorithm, Cerberus will rehash the password provided during user login with the default algorithm, and save it with the user account.