
Traditionally, when the client logs in, it sends the credentials (username+pw) without any further processing. The server then checks if an entry exists in its user database that matches the supplied credentials.

To render password recovery harder in case of database breach, the password is stored in its hashed form. This means that either the client or the server hashes the password and then the credentials are checked for a match.

However, if the client does the hashing, it effectively becomes useless. Why? Because the hashed password is now used as the password. One could steal the database, read the hash and send that along with the username and still get access.

This is why the hashing must be done on the server, so that without prior knowledge of the password it is impossible to log in.

However, I cannot find any way to achieve this with a PAM module so that vsftpd will use it for logins. Note that I do not want to use a normal hash function as these are not suitable for passwords. I need to use a KDF such as scrypt or bcrypt.

Do I have to code my own PAM module or do I have to generate htpasswd hashes on demand?

tl;dr How to perform user authentication with a server-side password hash for vsftpd?

Dreadlockyx
  • I don't get your problem. `vsftpd` uses PAM and thus the system user database by default, which *is* hashed with a strong hash on any reasonable new system. This "just" leaves the issue with the unencrypted transfer of said password ... – Sven Apr 05 '16 at 21:59
  • Perhaps I wasn't clear enough, so let me explain what I'm trying to achieve: I need the server to hash the password upon receiving it (and not the client before sending out its credentials) but with a KDF such as scrypt instead of a normal hash algorithm. – Dreadlockyx Apr 06 '16 at 07:46

1 Answer


`crypt()` used by PAM might only support bcrypt, not scrypt (or neither). In all cases you only need to set the method when encoding the password, not when checking it.

As vsftpd uses the system password file, you need to reconfigure PAM to use bcrypt. This depends on the actual Unix/Linux used. As soon as your passwd file contains `$2y$`-prefixed password hashes (you could generate them with a recent `htpasswd -B`), you are done.

Some Linux distributions support `authconfig --passalgo=blowfish --update`; for others you need to find the right PAM config file and add `blowfish` to the password line:

```
password sufficient /lib/security/pam_unix.so nullok use_authtok blowfish shadow
```
eckes
  • So as you explained it, KDF support is regulated by PAM. If I want to use scrypt instead of bcrypt, I would have to use a fork of PAM, is that right? – Dreadlockyx Mar 19 '17 at 08:58
  • You don't need to fork, PAM allows you to load modules as dynamic libraries. I am sure somebody has written a scrypt module already (but I can't find it). Another option is to use a PAM password verification helper. This is slower as it starts an external program, but there you can use any language and don't need to create a dynlib. – eckes Mar 19 '17 at 09:07
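The "password verification helper" route from the last comment, as an added example that is not part of the original answer: a small program that PAM can run for vsftpd and that does the scrypt work server-side, so a stolen record cannot be replayed as a password (the point of the question). It assumes the PAM exec module passes the username in the `PAM_USER` environment variable and the plaintext password on stdin, and it assumes a record file format of its own (`user:$scrypt$N$r$p$salt_hex$key_hex`); both are assumptions, not anything the page specifies.

```python
#!/usr/bin/env python3
"""PAM exec-style helper: verify a password against a server-side scrypt record."""
import hashlib
import hmac
import os
import secrets
import sys

# Assumed cost parameters; scrypt needs about 128*N*r bytes of RAM per check.
N, R, P, DKLEN = 2 ** 14, 8, 1, 32
MAXMEM = 64 * 1024 * 1024

def make_record(username, password):
    """Server-side enrolment: derive a key from a fresh random salt and store it."""
    salt = secrets.token_bytes(16)
    key = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P,
                         maxmem=MAXMEM, dklen=DKLEN)
    return f"{username}:$scrypt${N}${R}${P}${salt.hex()}${key.hex()}"

def verify(username, password, records):
    """Return True only if the plaintext password re-derives the stored key."""
    for line in records:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, _, rec = line.partition(":")
        if user != username:
            continue
        try:  # assumed format: $scrypt$N$r$p$salt_hex$key_hex
            _, algo, n, r, p, salt_hex, key_hex = rec.split("$")
            if algo != "scrypt":
                return False
            salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(key_hex)
            got = hashlib.scrypt(password.encode(), salt=salt, n=int(n), r=int(r),
                                 p=int(p), maxmem=MAXMEM, dklen=len(expected))
        except ValueError:  # malformed record: fail closed
            return False
        return hmac.compare_digest(got, expected)  # constant-time comparison
    return False  # unknown user

def main():
    # Assumed contract: username in PAM_USER, password (plus newline) on stdin.
    user = os.environ.get("PAM_USER", "")
    password = sys.stdin.readline().rstrip("\n")
    path = os.environ.get("SCRYPT_DB", "/etc/vsftpd/scrypt-users")  # assumed path
    with open(path) as f:
        ok = verify(user, password, f)
    sys.exit(0 if ok else 1)  # PAM treats a non-zero exit as authentication failure

if __name__ == "__main__":
    main()
```

Records are created with `make_record` at enrolment time, never by the client; only the exit status tells PAM whether the login succeeded.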