This goes on top of the tests branch (#24). The new bit is the last 3 commits.
Basically, we avoid plaintext passwords in the env var, but don't go all the way to proper password hashing with multiple rounds of slow hashes.
There a few reasons/excuses not to go the whole way. Firstly, the obvious standard library to use, crypt is not cross platform, and people might be using moodle-mlbackend on Windows. Secondly, we recalculate the authentication on every request, rather than using sessions, so the cost of a slow hash is multiplied. Thirdly, this is probably enough unless people use bad passwords. Attackers cannot look up known hashes (because of the salt), and there is not very
much to protect anyway, given that only the models and CPU are available, not the training data.
We also add a little tool to generate the new format, and reserve the '\n' character in case we want to make it work like the comma and have one password per line (perhaps in a file).
douglasbagnall
commented
4 years ago
This goes on top of the
testsbranch (#24). The new bit is the last 3 commits.Basically, we avoid plaintext passwords in the env var, but don't go all the way to proper password hashing with multiple rounds of slow hashes.
There a few reasons/excuses not to go the whole way. Firstly, the obvious standard library to use,
cryptis not cross platform, and people might be using moodle-mlbackend on Windows. Secondly, we recalculate the authentication on every request, rather than using sessions, so the cost of a slow hash is multiplied. Thirdly, this is probably enough unless people use bad passwords. Attackers cannot look up known hashes (because of the salt), and there is not very much to protect anyway, given that only the models and CPU are available, not the training data.We also add a little tool to generate the new format, and reserve the '\n' character in case we want to make it work like the comma and have one password per line (perhaps in a file).