You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
I've noticed that the project uses an insecure practice in password storage and RSA key size selection. Specifically, the project employs MD5 for hashing passwords, which is a fast and reversible hashing algorithm susceptible to rainbow table attacks. This can be found in pgconn.go at line 446. Furthermore, the RSA key size is currently set at 2048 bits, whereas NIST recommends using 3072 bits or higher for enhanced security. This latter issue is located in generate_certs.go at line 67.
Describe the solution you'd like
I suggest updating the password hashing mechanism to utilize a more secure algorithm, such as Argon2id, scrypt, or bcrypt, which are designed to be resource-intensive and thus protect against offline brute-force attacks. Regarding the RSA key size, I propose increasing it to 3072 bits to align with NIST recommendations and improve cryptographic strength. https://www.keylength.com/en/3/
Describe alternatives you've considered
An alternative for password hashing could involve using PBKDF2 with a high iteration count, although this is less preferred compared to the previously mentioned algorithms due to its relative simplicity and susceptibility to hardware-accelerated attacks. For the RSA key size, there is no real alternative; upgrading to a larger key size is essential for maintaining adequate security levels.
The text was updated successfully, but these errors were encountered:
Is your feature request related to a problem? Please describe.
I've noticed that the project uses an insecure practice in password storage and RSA key size selection. Specifically, the project employs MD5 for hashing passwords, which is a fast and reversible hashing algorithm susceptible to rainbow table attacks. This can be found in
pgconn.goat line 446. Furthermore, the RSA key size is currently set at 2048 bits, whereas NIST recommends using 3072 bits or higher for enhanced security. This latter issue is located ingenerate_certs.goat line 67.Describe the solution you'd like
I suggest updating the password hashing mechanism to utilize a more secure algorithm, such as Argon2id, scrypt, or bcrypt, which are designed to be resource-intensive and thus protect against offline brute-force attacks. Regarding the RSA key size, I propose increasing it to 3072 bits to align with NIST recommendations and improve cryptographic strength. https://www.keylength.com/en/3/
Describe alternatives you've considered
An alternative for password hashing could involve using PBKDF2 with a high iteration count, although this is less preferred compared to the previously mentioned algorithms due to its relative simplicity and susceptibility to hardware-accelerated attacks. For the RSA key size, there is no real alternative; upgrading to a larger key size is essential for maintaining adequate security levels.
The text was updated successfully, but these errors were encountered: