Serendipity Snapshot: New login hashing

Since quite some time, Serendipity uses old-fashioned md5 hashes to secure your passwords for logins to the backend.

Because mechanisms to crack md5 hashes with rainbow tables or even "dictionary hash"-lookups are getting more and more popular, we have decided to finally take the step to raise the serendipity hashing mechanism to something salted, and more secure (SHA1). Even though md5 hashes are still reasonably(!) safe when you use long, randomized passwords, the old-style hashing is a one-way route to hell.

Serendipity has always been had high tributes to backwards compatibility and ease-of-use and ease-of-upgrading, we have decided to take the "soft" upgrade approach. That means, new Serendipity versions will accept your old MD5 login ONCE, and then will use your user-specified password to create the safer hash and store that to the database.

This will help in hypothetical attack situations, where someone might have gotten hand on your hash values stored inside the database, because he will no longer be able to reverse-engineer your original password.

We could need help from any developer or betatester trying out the new functionality. Upgrading to the latest snapshot (get it from the s9y nightly downloads) with Serendipity 1.5-alpha2 will deploy the necessary database upgrades. Note that the one-time MD5-login is only possible in the first 6 months after you performed the installation of this serendipity version (through a saved timestamp in the database), and after that timespan, you can no longer login with the old password and must reset your password through the Administrator (or manual means, if you are the administrator).

Once you perform the update (do not try this on production blogs currently), everything should continue as usual. If it does not, please report your exact problems here or in the Forums. It is suggested that once you have the new serendipity version you change your password, so that nobody that might have already gotten your old md5 hash can use the reverse-engineered password to login again with the new hash created from the same original password.

Feedback is appreciated. The current mechanism is subject to change and currently more a proof-of-concept - feedback will most definitely lead to improvement. :-)

Trackbacks

Trackback-URL für diesen Eintrag

  • Keine Trackbacks

Kommentare

Ansicht der Kommentare: (Linear | Verschachtelt)

anonym am um :

Hi Garvin,

great to hear that MD5 will be dumped. The soft migration sounds good and salting sounds good too.

But why not using a Hash-algorithm from the SHA-2 family (SHA512 etc.) now? It's what the NIST currently recommends (at least until the next generation hash is found). Performance should'nt be an issue here because the value would be calculated infrequently.

Garvin am um :

anonym,

additionally to what Anonym wrote (that using salted passwords is quite secure on its own already), we cannot easily use any SHA2-type algorithm because it's not contained in vanilla PHP distros. Emulating it in PHP-Scope would be both slow and a risk in implementation.

Free Books am um :

Serendipity has always been had high tributes to backwards compatibility and ease-of-use and ease-of-upgrading, we have decided to take the "soft" upgrade approach. That means, new Serendipity versions will accept your old MD5 login ONCE, and then will use your user-specified password to create the safer hash and store that to the database.

Simone am um :

I agree. If you're going to change, you might want to skip what's already considered unsecure. See http://www.schneier.com/blog/archives/2005/02/sha1_broken.html

Anonym am um :

read your link and try to understand... when salted, md5 and sha1 are both secure if used for passwords.

Simone am um :

hm... are you sure?

http://www.neurofuzz.com/modules/software/ssha_attack.php

Simone am um :

hm, the previous link actually talks about brute-forcing, so that may not be so useful after all... sorry :-)

neelkant am um :

hi u r good boy

Kommentar schreiben

Die angegebene E-Mail-Adresse wird nicht dargestellt, sondern nur für eventuelle Benachrichtigungen verwendet.

Um maschinelle und automatische Übertragung von Spamkommentaren zu verhindern, bitte die Zeichenfolge im dargestellten Bild in der Eingabemaske eintragen. Nur wenn die Zeichenfolge richtig eingegeben wurde, kann der Kommentar angenommen werden. Bitte beachten Sie, dass Ihr Browser Cookies unterstützen muss, um dieses Verfahren anzuwenden.
CAPTCHA

BBCode-Formatierung erlaubt
Markdown-Formatierung erlaubt