Skip to content

Recommend ssha256 cache hasher in FIPS docs #87255

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 17 commits into from
Jul 22, 2022
Merged

Recommend ssha256 cache hasher in FIPS docs #87255

Changes from 8 commits
Commits
Show all changes
17 commits
Select commit Hold shift + click to select a range
6d3d80a
Recommend ssha256 for cache hasher in fips docs
n1v0lg May 31, 2022
dbc5a00
Tweak wording
n1v0lg May 31, 2022
8b1ad9b
Tweaks
n1v0lg May 31, 2022
acf7da8
Space
n1v0lg May 31, 2022
4b1ecd0
Mystery spaces
n1v0lg May 31, 2022
fc7acdb
Merge branch 'master' into docs/fips-cache-hasher
n1v0lg May 31, 2022
10b0ed2
Tweak
n1v0lg May 31, 2022
5bf9576
Spaces again
n1v0lg May 31, 2022
66abced
Merge branch 'master' into docs/fips-cache-hasher
n1v0lg Jun 2, 2022
ce1f5f8
Split out sections
n1v0lg Jun 2, 2022
bde5064
Merge branch 'master' into docs/fips-cache-hasher
n1v0lg Jun 3, 2022
a1d6430
Address feedback
n1v0lg Jun 3, 2022
5d23010
Merge branch 'master' into docs/fips-cache-hasher
n1v0lg Jul 6, 2022
627e74a
Merge branch 'master' into docs/fips-cache-hasher
n1v0lg Jul 22, 2022
cc745f5
Update x-pack/docs/en/security/fips-140-compliance.asciidoc
n1v0lg Jul 22, 2022
242097a
Update x-pack/docs/en/security/fips-140-compliance.asciidoc
n1v0lg Jul 22, 2022
7d49ef9
Update x-pack/docs/en/security/fips-140-compliance.asciidoc
n1v0lg Jul 22, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 16 additions & 3 deletions x-pack/docs/en/security/fips-140-compliance.asciidoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -117,7 +117,7 @@ keys must have corresponding length according to the following table:

While {es} offers a number of algorithms for securely hashing credentials in memory and
on disk, only the `PBKDF2` based family of algorithms is compliant with FIPS
140-2 for password hashing. However, since `PBKDF2` is essentially a key derivation
140-2 for stored password hashing. However, since `PBKDF2` is essentially a key derivation
function, your JVM security provider may enforce a
<<keystore-fips-password,112-bit key strength requirement>>. Although FIPS 140-2
does not mandate user password standards, this requirement may affect password
Expand All @@ -131,13 +131,26 @@ NOTE: You can still use one of the plain `pbkdf2` options instead of `pbkdf2_str
you have external policies and tools that can ensure all user passwords for the reserved,
native, and file realms are longer than 14 bytes.

You must set the `cache.hash_algo` realm settings
and the `xpack.security.authc.password_hashing.algorithm` setting to one of the
You must set the `xpack.security.authc.password_hashing.algorithm` setting to one of the
available `pbkdf_stretch_*` values.
When FIPS-140 mode is enabled, the default value for
`xpack.security.authc.password_hashing.algorithm` is `pbkdf2_stretch`.
See <<hashing-settings>>.

For cache hashing, salted `sha256` is recommended instead of `PBKDF2`. Though compliant
with FIPS-140-2, `PBKDF2` is -- by design -- slow, and thus not suitable as a cache hashing
algorithm. Cached credentials are never stored on disk, and salted `sha256` provides
an adequate level of security for in-memory credential hashing, without imposing prohibitive
performance overhead.

You should set the `cache.hash_algo` realm settings to `ssha256`. `ssha256` is the default value
for all `cache.hash_algo` realm settings.
See <<hashing-settings>>.

You _may_ set the `cache.hash_algo` realm settings to any of the `pbkdf2` options, however you
Copy link
Contributor Author

@n1v0lg n1v0lg May 31, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure we need this paragraph, and happy to remove it if we don't think it adds value. Essentially, pbkdf2 is a bad idea but it's not technically wrong and if a customer decides they want to use it and that the performance hit is acceptable, they can, from a FIPS standpoint. Wdyt?

Copy link
Member

@ywangd ywangd Jun 2, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this paragraph should go along with the previous one that says about pbkdf2 not suitable for caching hashing.

should carefully assess performance impact first. Depending on your deployment, the overhead
of `PBKDF2` could undo most of the performance gain of using a cache.

Password hashing configuration changes are not retroactive so the stored hashed
credentials of existing users of the reserved, native, and file realms are not
updated on disk.
Expand Down