Document password hashing settings

[lzap]

Foreman 3.3 will have three options available in Administer - Settings - Authentication - Password hashing algorithm which specifies which password hashing algorithm will be used for newly set passwords. There are the following options:

• BCrypt (the default setting)
• PBKDF2 SHA1 (NIST-approved algorithm)
• SHA1 (legacy option, not recommended)

There are two additional options:

• BCrypt password cost: BCrypt hashing cost, higher value leads to approximately 50 milliseconds. This number must not be lower than 5. Keep in mind that setting this number too high can cause delays in password authentication, this also applies to the API.
• PBKDF2 password cost: PBKDF2 SHA1 hashing cost, higher value leads to better password security. Set to a value of 50000 by default. It is recommended to increase the value accordingly. Keep in mind that setting this number too high can cause delays in password authentication, this also applies to the API.

Important note: changing any setting will not affect exiting passwords. Users must be asked to change their passwords in order to apply the new algorithm or cost.

Not creating a BZ for this, just feel free to implement this when you have time, cheers!

@Lennonka @mdolezelova

[maximiliankolb]

third option would be FIPS compliant (maybe provide a source)

triage: -> add to WebUI; close issue for docs.

[ekohl]

We should remove SHA1 from the application because it has no place in 2024.

BCrypt password cost: BCrypt hashing cost, higher value leads to approximately 50 milliseconds. This number must not be lower than 5. Keep in mind that setting this number too high can cause delays in password authentication, this also applies to the API.

https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#bcrypt states:

The bcrypt password hashing function should be the best choice for password storage in legacy systems or if PBKDF2 is required to achieve FIPS-140 compliance.

The work factor should be as large as verification server performance will allow, with a minimum of 10.

I think this is plain bcrypt, not PBKDF2 Bcrypt which makes me question it. On the other hand, this contradicts that BCrypt is not FIPS compliant.

PBKDF2 password cost: PBKDF2 SHA1 hashing cost, higher value leads to better password security. Set to a value of 50000 by default. It is recommended to increase the value accordingly. Keep in mind that setting this number too high can cause delays in password authentication, this also applies to the API.

https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2 states:

Since PBKDF2 is recommended by NIST and has FIPS-140 validated implementations, so it should be the preferred algorithm when these are required.

The PBKDF2 algorithm requires that you select an internal hashing algorithm such as an HMAC or a variety of other hashing algorithms. HMAC-SHA-256 is widely supported and is recommended by NIST.

We don't implement a SHA 256 flavor, but it's better than SHA1 and also recommended by NIST.

In short: I think we have some engineering work to do in this area.