I was just reading the hardening guidelines and noticed something a little concerning. I’m no expert but this didn’t sound right:
An actor with access to the access token, the Nextcloud config file, and the Nextcloud database can decrypt user passwords stored in the database.
It was my understanding that passwords are not typically stored using reversible encryption, so there should be no way to decrypt passwords stored in the database. Indeed the next paragraph seems to say the passwords are hashed using bcrypt, so hopefully there is just a misunderstanding regarding the above quote.
Can anyone clarify how passwords are stored in Nextcloud?
The default backend (in database) uses the default IHasher class when creating/working with users. The implementation of that interface uses the Hasher class that defines the method to hash a password. It uses Argon2id, Argon2d, or bcrypt, depending on configuration and availability.
So, the best practice of storing the passwords one-way encrypted/hashed is in fact in place in Nextcloud (at least in recent versions). So classical decryption is not possible (although knowing the hash and having no counter-measures allows for fast brute-force attacks). If the attacker has access to the DB, he could simply replace the hash with something of his liking, in fact changing the password.
I do not know where this text comes from exactly and what the intention of it was. A quick glance at the history shows no hints either. @LukasReschke you made the commit, can you elaborate a bit on the statement?
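As an added illustration (not Nextcloud's own Hasher code), here is a PHP sketch of the hash-then-verify flow described in the answer above, built on PHP's built-in password_* functions; the $preferArgon2 flag stands in for whatever configuration option the real implementation consults, which is an assumption.

```php
<?php
// Added illustration, not Nextcloud's Hasher class: same idea (pick Argon2 or
// bcrypt by configuration and availability, hash one-way, verify, rehash on
// upgrade) using PHP's own password_* functions. $preferArgon2 is a stand-in
// for the real config option (assumption).

function chooseAlgorithm(bool $preferArgon2 = true): string
{
    // Prefer Argon2id, then Argon2i, then bcrypt, depending on what this PHP
    // build was compiled with.
    if ($preferArgon2 && defined('PASSWORD_ARGON2ID')) {
        return PASSWORD_ARGON2ID;
    }
    if ($preferArgon2 && defined('PASSWORD_ARGON2I')) {
        return PASSWORD_ARGON2I;
    }
    return PASSWORD_BCRYPT;
}

function hashPassword(string $password, bool $preferArgon2 = true): string
{
    // password_hash() generates a random salt and returns a self-describing
    // string ($argon2id$... or $2y$...). There is no key involved, so the
    // stored value cannot be "decrypted", only tested against a candidate.
    return password_hash($password, chooseAlgorithm($preferArgon2));
}

function verifyPassword(string $password, string $storedHash, ?string &$rehash = null, bool $preferArgon2 = true): bool
{
    if (!password_verify($password, $storedHash)) {
        return false;
    }
    // Transparent upgrade: if the stored hash predates the currently
    // configured algorithm (e.g. an old bcrypt hash on a build that now has
    // Argon2), hand back a fresh hash for the caller to write to the DB.
    if (password_needs_rehash($storedHash, chooseAlgorithm($preferArgon2))) {
        $rehash = hashPassword($password, $preferArgon2);
    }
    return true;
}

// Demo with a constructed password; output depends on the PHP build.
$stored = hashPassword('correct horse battery staple');
echo "stored: $stored\n";
var_dump(verifyPassword('wrong guess', $stored));
$newHash = null;
var_dump(verifyPassword('correct horse battery staple', $stored, $newHash));
// A bcrypt hash from an older install is still accepted, but flagged for upgrade
// when the current configuration prefers Argon2.
$legacy = password_hash('correct horse battery staple', PASSWORD_BCRYPT);
$newHash = null;
verifyPassword('correct horse battery staple', $legacy, $newHash);
echo $newHash === null ? "no rehash needed\n" : "rehash to: $newHash\n";
```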
Thank you both for the information. The wording on that page could definitely be improved but I really appreciate seeing the functions in question and the reassurance that the passwords are properly hashed.