Also see viewtopic.php?f=108&t=33231
igorw wrote:Once we require PHP 5.3 (honestly I don't mind doing this for 3.1, PHP 5.2 just does not make sense at this point), we can use blowfish.
honestly, I agree. Still, believe it or not, there's a significant amount of server running php5.2.
I say: Keep phpbb's version 3.1 php5.2 compatible. Next subversion make it only compatible with php5.3.*.
Please keep this discussion in the relevant topic.
igorw wrote:Once we require PHP 5.3 [...], we can use blowfish.
Please do not confuse people even more. Blowfish is a symmetric block cipher used for encryption
(a processes that is supposed to be reversible). Passwords are not encrypted, they are hashed
(a process that is supposed to be irreversible). What you're referring to is called bcrypt
, a cryptographic hash function for passwords that relies on blowfish. The fact that PHP calls a hash function crypt() and the relevant constant CRYPT_BLOWFISH does not help either.
visionviper wrote:It's time to get phpBB off of using md5 and using stronger encryption standards. What I am proposing is this: When phpBB is installed (or upgraded) it takes a look to see if mcrypt is installed and what encryption is supported. It will then pick the best available (such as AES or Twofish) and uses that.
Passwords are not supposed to be encrypted, they are supposed to be hashed. By using encryption instead of hashing you are weakening the system because the plaintexts can be recovered given the key. And you have to store the key somewhere.
I would love to personally work on this and see it included. I've been working on a mod
that updates the encryption for phpBB (and I'm confident it will finally pass validation). I think security is very important and I want to help make phpBB more secure.
I am sorry, but storing an encrypted version of a plaintext along with the decryption key is as dumb as storing the plaintext itself. If this is the case for your mod, I will personally make sure it will not pass validation anytime.
imkingdavid wrote:I'd like to see where... phpBB tossed out md5 encryption since we moved from 2.0 to 3.0. Now, like Oleg said, we use phpass.
MD5 is the underlying cryptographic hash function used by our modified version of phpass, so md5 is used
. It is just not "plain md5".
visionviper wrote:I'm sorry, but I am going to side with US-CERT over a web developer on webdev. US-CERT says it's broken so in my eyes, it's broken - no matter how you use it.
Surely, using a proper hash function is better, your approach of using encryption instead of hashing certainly is not. I'm not convinced md5 being broken as a cryptographic hash function is a practical issue for this use case right now. I should probably research that a little.
visionviper wrote:I know cracked password isn't as bad as someone getting your credit/debit card details, but there is a reason credit card/ssn/etc information is required to be encrypted, not just hashed and salted with md5 or sha.
You seem to be confusing a few thing here. The difference between credit card numbers and passwords is that there is no need to store passwords, they can be stored in a hashed version that do not allow obtaining the plaintext. Credit card numbers have to be used as plaintexts however, so all you can do is encrypt.
Oleg wrote:If we are going to change hashing algorithm, we should sneak some unusual characters into the data being hashed for the benefit of rainbow tables. Something from the 1-32 control char range and 128-255 which is not valid utf-8.
This is not a problem and should not be done as the salt takes care of rainbow tables.