1+ import hashlib
2+ import secrets
13from functools import lru_cache
24from typing import Any , Mapping
35
1214 StorageError ,
1315 UnknownRecordError ,
1416)
15- from monkey_island .cc .server_utils .encryption import ILockableEncryptor
1617
1718from .i_otp_repository import IOTPRepository
1819
@@ -21,21 +22,36 @@ class MongoOTPRepository(IOTPRepository):
2122 def __init__ (
2223 self ,
2324 mongo_client : MongoClient ,
24- encryptor : ILockableEncryptor ,
2525 ):
26- self ._encryptor = encryptor
26+ # SECURITY: A new salt is generated for each instance of this repository. This effectively
27+ # makes all preexisting OTPS invalid on Island startup.
28+ self ._salt = secrets .token_bytes (16 )
29+
2730 self ._otp_collection = mongo_client .monkey_island .otp
2831 self ._otp_collection .create_index ("otp" , unique = True )
2932
3033 def insert_otp (self , otp : OTP , expiration : float ):
3134 try :
32- encrypted_otp = self ._encryptor .encrypt (otp .get_secret_value ().encode ())
3335 self ._otp_collection .insert_one (
34- {"otp" : encrypted_otp , "expiration_time" : expiration , "used" : False }
36+ {"otp" : self . _hash_otp ( otp ) , "expiration_time" : expiration , "used" : False }
3537 )
3638 except Exception as err :
3739 raise StorageError (f"Error inserting OTP: { err } )
3840
41+ def _hash_otp (self , otp : OTP ) -> bytes :
42+ # SECURITY: A single round of salted SHA256 is usually not considered sufficient for
43+ # protecting passwords. However, OTPs have a very short life span (2 minutes at the time of
44+ # this writing). Additionally, they can only be used once. Finally, they are 32 bytes long.
45+ # At the present time, we consider this to be sufficient protection. I'm unaware of any
46+ # technology in existence that can brute force SHA256 for (roughly) 48-byte inputs in under
47+ # 2 minutes.
48+ #
49+ # Note that if any of these conditions change (timeouts become very long or OTPs become very
50+ # short), this should be revisited. For now, we prefer the significantly faster performance
51+ # of a single round of salted SHA256 over a more secure but slower algorithm.
52+ otp_bytes = otp .get_secret_value ().encode ()
53+ return hashlib .sha256 (self ._salt + otp_bytes ).digest ()
54+
3955 def set_used (self , otp : OTP ):
4056 try :
4157 otp_id = self ._get_otp_object_id (otp )
@@ -71,11 +87,10 @@ def _get_otp_document(self, otp: OTP) -> Mapping[str, Any]:
7187
7288 @lru_cache
7389 def _get_otp_object_id (self , otp : OTP ) -> ObjectId :
74- otp_str = otp .get_secret_value ()
75-
7690 try :
77- encrypted_otp = self ._encryptor .encrypt (otp_str .encode ())
78- otp_dict = self ._otp_collection .find_one ({"otp" : encrypted_otp }, [MONGO_OBJECT_ID_KEY ])
91+ otp_dict = self ._otp_collection .find_one (
92+ {"otp" : self ._hash_otp (otp )}, [MONGO_OBJECT_ID_KEY ]
93+ )
7994 except Exception as err :
8095 raise RetrievalError (f"Error retrieving OTP: { err } )
8196
0 commit comments