Serendipity Snapshot: New login hashing

Since quite some time, Serendipity uses old-fashioned md5 hashes to secure your passwords for logins to the backend.

Because mechanisms to crack md5 hashes with rainbow tables or even "dictionary hash"-lookups are getting more and more popular, we have decided to finally take the step to raise the serendipity hashing mechanism to something salted, and more secure (SHA1). Even though md5 hashes are still reasonably(!) safe when you use long, randomized passwords, the old-style hashing is a one-way route to hell.

Serendipity has always been had high tributes to backwards compatibility and ease-of-use and ease-of-upgrading, we have decided to take the "soft" upgrade approach. That means, new Serendipity versions will accept your old MD5 login ONCE, and then will use your user-specified password to create the safer hash and store that to the database.

This will help in hypothetical attack situations, where someone might have gotten hand on your hash values stored inside the database, because he will no longer be able to reverse-engineer your original password.

We could need help from any developer or betatester trying out the new functionality. Upgrading to the latest snapshot (get it from the s9y nightly downloads) with Serendipity 1.5-alpha2 will deploy the necessary database upgrades. Note that the one-time MD5-login is only possible in the first 6 months after you performed the installation of this serendipity version (through a saved timestamp in the database), and after that timespan, you can no longer login with the old password and must reset your password through the Administrator (or manual means, if you are the administrator).

Once you perform the update (do not try this on production blogs currently), everything should continue as usual. If it does not, please report your exact problems here or in the Forums. It is suggested that once you have the new serendipity version you change your password, so that nobody that might have already gotten your old md5 hash can use the reverse-engineered password to login again with the new hash created from the same original password.

Feedback is appreciated. The current mechanism is subject to change and currently more a proof-of-concept - feedback will most definitely lead to improvement. :-)

Trackbacks

Trackback specific URI for this entry

  • No Trackbacks

Comments

Display comments as (Linear | Threaded)

anonym on at :

Hi Garvin,

great to hear that MD5 will be dumped. The soft migration sounds good and salting sounds good too.

But why not using a Hash-algorithm from the SHA-2 family (SHA512 etc.) now? It's what the NIST currently recommends (at least until the next generation hash is found). Performance should'nt be an issue here because the value would be calculated infrequently.

Garvin on at :

anonym,

additionally to what Anonym wrote (that using salted passwords is quite secure on its own already), we cannot easily use any SHA2-type algorithm because it's not contained in vanilla PHP distros. Emulating it in PHP-Scope would be both slow and a risk in implementation.

Free Books on at :

Serendipity has always been had high tributes to backwards compatibility and ease-of-use and ease-of-upgrading, we have decided to take the "soft" upgrade approach. That means, new Serendipity versions will accept your old MD5 login ONCE, and then will use your user-specified password to create the safer hash and store that to the database.

Simone on at :

I agree. If you're going to change, you might want to skip what's already considered unsecure. See http://www.schneier.com/blog/archives/2005/02/sha1_broken.html

Anonymous on at :

read your link and try to understand...
when salted, md5 and sha1 are both secure if used for passwords.

Simone on at :

hm... are you sure?

http://www.neurofuzz.com/modules/software/ssha_attack.php

Simone on at :

hm, the previous link actually talks about brute-forcing, so that may not be so useful after all... sorry :-)

neelkant on at :

hi u r good boy

Add Comment

E-Mail addresses will not be displayed and will only be used for E-Mail notifications.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

BBCode format allowed