[RFC] Use password_hash

These RFCs were either rejected or have been replaced by an alternative proposal. They will not be included in phpBB.
/a3
Registered User
Posts: 97
Joined: Mon Sep 20, 2010 6:44 am

[RFC] Use password_hash

Post by /a3 »

Replaced by [RFC]More secure password hashing



Background: phpBB currently uses a modified version phpass for hashing passwords. phpass is supported for PHP3+ (may drop support for PHP3) and uses the strongest hash available to it.

phpBB 3.0 uses a stripped down of phpass which uses md5+salt by default.

There has been a proposal for developing a password_hash for PHP which has been accepted for PHP 5.5. password_hash uses hash algorithms that are slow and more resilient to brute force search attacks, such as bcrypt. It also provides a much more simple API (and less code for phpBB). password_hash also enables automatic salt generation.

There has also been discussion on more secure hashing for phpBB 3.x.

Proposal: depending on what versions of PHP the phpBB developers decide to support (depending on how long it will be until phpBB4) the phpBB developers should consider using password_hash. If it is eventually decided that versions below PHP 5.5 will be supported for phpBB4, then this proposal should be rejected.

Some examples on this webpage: The new Secure Password Hashing API in PHP 5.5.
Last edited by /a3 on Tue Oct 16, 2012 1:02 am, edited 2 times in total.
$ git commit -m "YOLO"

/a3
Registered User
Posts: 97
Joined: Mon Sep 20, 2010 6:44 am

Re: Use password_hash

Post by /a3 »

Another question (or realisation): will password hashing be implemented by the Symfony framework for phpBB?
$ git commit -m "YOLO"

User avatar
Pony99CA
Registered User
Posts: 986
Joined: Sun Feb 08, 2009 2:35 am
Location: Hollister, CA
Contact:

Re: [RFC] Use password_hash

Post by Pony99CA »

/a3 wrote:password_hash uses hash algorithms that are slow and more resilient to brute force search attacks, such as bcrypt.
Why are slow algorithms a good thing? Is that a typo?

Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.

/a3
Registered User
Posts: 97
Joined: Mon Sep 20, 2010 6:44 am

Re: [RFC] Use password_hash

Post by /a3 »

Pony99CA wrote:Why are slow algorithms a good thing? Is that a typo?
It's not a typo - I should have explained it in my post. Using a hash which is more difficult to calculate will make it hard to produce rainbow tables or brute force any single hash for a collision.

On the other hand, hashes like MD5 and the SHA algorithms are designed to be as portable as possible, i.e. they can run on very small computers and don't require as much computation.
$ git commit -m "YOLO"

User avatar
Pony99CA
Registered User
Posts: 986
Joined: Sun Feb 08, 2009 2:35 am
Location: Hollister, CA
Contact:

Re: [RFC] Use password_hash

Post by Pony99CA »

That's what I figured, but thanks for clarifying. I would have said "password_hash uses hash algorithms that are more complex and more resilient to brute force search attacks, such as bcrypt (but are also slower because of that).

Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.

Oleg
Posts: 1150
Joined: Tue Feb 23, 2010 2:38 am
Contact:

Re: [RFC] Use password_hash

Post by Oleg »

Considering that phpass works fine, whether to change from it to something unproven and likely buggy in the first couple of php versions (see: filter extension) while 4.0 doesn't even have a rough architecture figured out is hardly a productive use of one's time.

User avatar
MichaelC
Development Team
Development Team
Posts: 889
Joined: Thu Jan 28, 2010 6:29 pm

Re: Use password_hash

Post by MichaelC »

/a3 wrote:Another question (or realisation): will password hashing be implemented by the Symfony framework for phpBB?
No
Formerly known as Unknown Bliss
psoTFX wrote: I went with Olympus because as I said to the teams ... "It's been one hell of a hill to climb"
No unsolicited PMs please except for quotes.

Nuisance Value
Registered User
Posts: 3
Joined: Fri Sep 06, 2013 1:43 pm

Re: [RFC] Use password_hash

Post by Nuisance Value »

Whichever is used, I think the users should be given the choice when registering: either they want their password hashed, or they want to save it it uft8, (or they want to smoke it).

Users sometimes contact me asking for their password. I tell them how they can get a new one, but that is often not what they want. When I refuse to tell them what their old password is, they think I'm just too lazy to go and look for it. One person really begged me. She said it was the same password she had on another site, that she could not get a new one from that site because she had registered with an email given to her by a company for which she did not work anymore, and that she really really needed to know her old password... She said she never typed it because her old computer used to remember it for her... She was ready to pay me for my time...

I didn't ask for money, I tried to retrieve it for her by using some programs that were supposed to generate loads of hashes and to compare them with the input, but they ran for ages and never gave any answer. At the end I sent her the hashcode for her old password and wished her good luck with it, as kindly as I could, but now she's not speaking to me anymore, she thinks it's my fault...

It does seem a bit harsh that users are not given the choice, and not even told, when they register, that we will never be able to tell them what their password is. There should at least be a warning of the kind "Please keep a copy of your password, if you loose it we can give you a new one but we won't be able to tell you what your current password is". Or there should be an option "display my password to me in clear text each time I log in", even if it not stored in clear in the forum's database. I think this would make is easier for people to remember what their password is.

Too much security gets in the way of legitimate uses.

User avatar
imkingdavid
Registered User
Posts: 1050
Joined: Thu Jul 30, 2009 12:06 pm

Re: [RFC] Use password_hash

Post by imkingdavid »

Storing passwords in plain text or unhashed form is never going to be a core option. It might be an option to add some language on the registration page to say "Your password will be hashed and cannot be recovered, so keep it in a safe place." or something to that effect.
I do custom MODs. PM for a quote!
View My: MODs | Portfolio
Please do NOT contact for support via PM or email.
Remember, the enemy's gate is down.

Nuisance Value
Registered User
Posts: 3
Joined: Fri Sep 06, 2013 1:43 pm

Re: [RFC] Use password_hash

Post by Nuisance Value »

imkingdavid wrote:Storing passwords in plain text or unhashed form is never going to be a core option. It might be an option to add some language on the registration page to say "Your password will be hashed and cannot be recovered, so keep it in a safe place." or something to that effect.
English-speaking users would understand that, but many French would not. "Hashed" has never been translated into French, we just use the English word. We should say something like: "Your password is going to be encrypted using a one-way encryption method. This means that, from what you type in the password field, we generate a long sequence of characters. Each time you type it, we generate this sequence and we compare this sequence with what we have stored in our database. But, from that sequence, we cannot generate your password (this is why it is called one-way encryption). This is a security for you: if our database is hacked, the hackers won't learn what your password is. However, it also means that if you ever forget your password, we will not be able to tell you what it was, we will only be able to give you a new one.

Putting that up in large letters with a count down, i.e. 15 seconds before the user is allowed to move on to the next stage of his/her registration, would avoid unpleasantness latter on...

Post Reply