Authentication protocol client_ed25519 #138

Open
daniel-pfeiffer opened this issue Jun 3, 2024 · 6 comments

@daniel-pfeiffer

Our DBAs are (due to PCI/DSS compliance) switching to this password scheme. When connecting to such a server with crate mysql I get

DriverError { Unknown authentication protocol: `client_ed25519` }

I see ed25519_dalek and underlying curve25519-dalek are separate crates, but I don’t know how to tie them in. I hope this isn’t meant to say that’s currently impossible:

> implements necessary functionality for MySql cached_sha2_password, mysql_native_password and legacy authentication plugins

What needs to be done?

@blackbeam
Owner

blackbeam commented Jun 3, 2024

@daniel-pfeiffer, Hi.

> When connecting to such a server with crate mysql I get:
>
> DriverError { Unknown authentication protocol: `client_ed25519` }

This is because the client_ed25519 plugin is not implemented. I believe there was another issue mentioning this plugin but I couldn't find it 🤷‍♂️. Anyway..

> What needs to be done?

  • Well, first you need to implement the plugin — this involves doing sha512 as well as a few scalar and group operations on ed25519 (here is a good reference implementation I googled). You can put this somewhere inside src/scramble.rs.
  • Then you need to extend the AuthPlugin enumeration with the new variant.
  • The next step depends on which client you are using:
    • if it is mysql_async client, then you need to catch the new plugin here and perform the authentication
    • if it is mysql client, then you need to catch the new plugin here and perform the authentication

If you'll be able to implement this, please consider filing a PR — it's not always possible to put time and effort into features I'm not personally interested in, so the only way for the library to evolve comprehensively is the community contributions.

@daniel-pfeiffer
Author

daniel-pfeiffer commented Jul 5, 2024

@blackbeam Hi Anatoly,

thanks for the pointers! Since no crypto expert stepped in, I’ll look at this.

In packets/mod.rs you use the 3 scramble* functions plus one simpler one. The naming is orthogonal to this: 3x Mysql*Password and CachingSha2Password – with the latter and 2 of the former calling the scramble* functions, none of which seem to cache. Not sure what the difference in naming is trying to convey here? And not sure whether MysqlEd25519Password or CachingEd25519Password suits you better?

More confusing: matching the latter there is a similarly named file caching_sha2_password.rs pulled in with a mod statement, but the class therein PublicKeyRequest only gets referenced in comments.

kind regards – Daniel

@daniel-pfeiffer
Author

daniel-pfeiffer commented Jul 16, 2024

We are reconsidering using this at all. Based on this well-founded answer, with our security experts, we have done some experiments. It seems that MariaDB took a good signature algorithm, and misapplied it to passwords. Since these are usually low entropy, that’s a bad fit. Anybody capturing the password storage can hope to crack them too easily, as they are stored unsalted.

We have asked MariaDB to justify this. Let’s see if they manage to convince us that they do know what they are doing.

Update: They were already aware of these concerns, and are working on a new auth plugin.

@crai0n

crai0n commented Sep 3, 2024

@daniel-pfeiffer Have you put any meaningful effort into implementing this already? I might take a shot at implementing this and creating a PR, although I am by no means an expert on cryptography.

Even though MariaDB is moving to PARSEC now, it might be nice to have this functionality in the crate for completeness.

@daniel-pfeiffer
Author

daniel-pfeiffer commented Sep 6, 2024 via email

@daniel-pfeiffer
Author

MariaDB seems to have reacted to this criticism by introducing the PARSEC plugin. It looks like a version 2 renamed ed25519 plugin. I don’t know if that is secure, but at least it fixes the worst security sin of unsalted password storage and transmission.

It’s been six weeks (or more? 11.6.1 only internal?) since PARSEC stabilisation with 11.6.2. Yet MariaDB don’t seem to be transparent about this. The ed25519 plugin documentation still doesn’t even mention its shortcomings, let alone announce whether it will be deprecated. Nor does it mention PARSEC as a successor (other than it being mechanically listed in the sidebar).

Their Pluggable Authentication Overview also has nothing to say about PARSEC yet. So far only the PARSEC page claims that it is the future, leaving everyone to discover it by chance.
