Change a way how we hash passwords

[Alexander Obuhovich]

Currently In-Portal uses MD5 algorithm to hash passwords in database. Then user supplied password from login form is hashed using same MD5 algorithm and compared to hash in database.

With computing speeds currently available on the market this is not a big deal to guess a password if you already have MD5 hash (e.g. if you have obtained users database).

I recommend reading http://www.troyhunt.com/2012/06/our-password-hashing-has-no-clothes.html article and at least consider 2 things:

• use adaptive hashing algorithm to hash user's password
• use random salt for each of hashed password (this will ensure different hash even if 2 users use same password for their accounts).

--
Best Regards,

http://www.in-portal.com
http://www.alex-time.com

[Dmitry A.]

Interesting observation Alex!

Did you come across the case when someone has broken the password in In-Portal or close it?!

How we can apply "random salt"? Is it safe to discuss this publicly here?

DA

[Alexander Obuhovich]

Breaking a password isn't a problem when you have hashed password database. I'm just telling that current hashing scheme is weakest one of available on the market and if someone does steal database with in-portal passwords, then chances are high that it will be cracked in less then 1 hour.

I'd suggest you to read article in that link to get more info about it.

[Alexander Obuhovich]

Dmitry, will we act here or just sit and wait while in-portal website database could be stolen from weakly protected (or just hacked) server and client passwords will be decrypted?

We can't do mass password re-hashing using new scheme because we don't have plain text password to start with, but I see it like this:

1. we add PasswordHashingMethod column to Users database table and set "md5" to all existing users
2. when user login they type plain-text password (obviously) and at that time we look if user has current password is hashed using "md5" and if so:
1. take plain text password user entered and hash it using whatever new scheme we choose (e.g. salted bcrypt)
2. put new hashing method into  PasswordHashingMethod field value of user record.

This way eventually all user passwords, who at least login to website will be rehashed securely. If users don't login to website at all then we obviously don't care about they password being secured the proper way. 

We of course would need kPasswordFormatter class to be able to work with new hashing method and it's up to use to choose what password hashing scheme he needs. Of course by default we set it to maximal security one, but if for some reasons user passwords needs to be stored using just "md5" (as now) even without salt then we can allow this too.

[Dmitry A.]

Hi Alex,

Sorry for delay with getting back to you.

After some reading and reviewing I agree with you and think we should do it using "salted bcrypt" (will require PasswordSalt column too, so it's random if we want), but I think we can do a better way of encrypting all passwords even for old users who never login.

What if we automatically convert/crypt (during the upgrade) all passwords (their MD5) to their corresponding values (new passwords). So during the Login we can check both methods - crypt(MD5(password)) and crypt(password) based on PasswordHashingMethod value?

What you think?

DA

[Alexander Obuhovich]

Using MD5 hashed password instead of plain text password for old users can be another hashing scheme we use to at least somehow rehash password until user does a login.

[Dmitry A.]

Hi Alex,

I think we have found pretty solid PHP class for generating BCryptted passwords.

Please post the summary of what we decided to do and create a new task based on this.

Cheers!

DA

[Alexander Obuhovich]

Here is a task: http://tracker.in-portal.org/view.php?id=1362

What wasn't covered in discussion was, that we'll use "Portable PHP password hashing framework" (http://www.openwall.com/phpass/) to be able to use BCrypt algorithm in PHP version lower then 5.3, where it's naturally available.

[Alexander Obuhovich]

Here are the patches.

Ready for testing.