NeoThermic wrote:
> I also have to note, I've been unable to find any links to proof of attacks on input data which is less than 1024 bits. The user of a phpBB system is actually limited to a password of 32 characters, so we are a good deal short on the 1024 bits that seems to be required at minimum for the attacks.

A year ago, it required a small supercomputer to find collisions in a reasonable time. Today, it can be done on a relatively common CPU. You point out that the collision IV is 1024 bits now. In order for it to work with phpBB's password length limitation, it has to decrease to 256 bits.
You're defending an algorithm that is collapsing under fire from all sides.
> As was noted as well, there's not much you'll be able to go to either. SHA1 needs 4.3.x (notwithstanding the fact that SHA1 has nearly the same problems as MD5), while SHA256/512 are not generally available in PHP.

SHA256 is available via the Message package in PEAR. Even aside from that, there's this code that provides SHA256 under LGPL.
Claiming that one shouldn't use a function because it's not generally available in PHP is a really weak argument. How many functions were re-written for phpBB 2.0.x to take into account that some were not available until certain later versions of PHP?
> As a final note, as is pointed out in this topic a few times, if you, as an outside attacker, can obtain MD5 hashes, then you've already got enough access to do more than that (such as change passwords, etc).

You're still thinking narrowly, putting the attacker in one place. What about traffic sniffing? Multiple users on one computer? Gaining access to the hash is the first step, and there are various means of doing so. That's sometimes a weakness that can't be addressed by a server, because the server isn't a part of the entire chain. Securing that part which we can, within reason, is the sign of a responsible community. We can't put SSL in place on every box, or distribute one-time pads to every user, but we can improve the hashing algorithm to move beyond the not only weakened but clearly doomed MD5 algorithm.
> If you're using the same passwords over many different login systems, that isn't the fault of any software, just you.

So we shouldn't take reasonable precautions to protect the users? How difficult would it really be to move to something else? I don't subscribe to the school of thought that says that if a person uses the same password in more than one location, they get what they deserve. Protections should still be put into place.
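To show that the move away from MD5 the poster asks about can be done incrementally, here is an added example (not phpBB's code, and not written by anyone in this thread) that upgrades stored MD5 hashes to salted SHA-256 the next time each user logs in; the record layout, the "sha256$salt$hex" storage format and all function names are assumptions.

```php
<?php
// Added example, not phpBB code. Assumes the user's 'password' column holds
// either a legacy 32-hex-character MD5 digest or "sha256$<salt>$<hex>".
// Note: in current PHP, password_hash()/password_verify() (bcrypt) is the
// better target; SHA-256 is used here because that is what the thread proposes.

function hash_sha256_salted(string $password, ?string $salt = null): string {
    // 16 random bytes of salt, hex-encoded so it stores safely in a text column
    $salt = $salt ?? bin2hex(random_bytes(16));
    return 'sha256$' . $salt . '$' . hash('sha256', $salt . $password);
}

function is_legacy_md5(string $stored): bool {
    return (bool) preg_match('/^[0-9a-f]{32}$/i', $stored);
}

// Returns the hash to store (possibly upgraded), or null if the password is wrong.
function verify_and_upgrade(string $password, string $stored): ?string {
    if (is_legacy_md5($stored)) {
        // Legacy record: compare the MD5 in constant time, then rehash on success
        // so the weak digest is replaced the first time the user logs in.
        if (!hash_equals($stored, md5($password))) {
            return null;
        }
        return hash_sha256_salted($password);
    }
    $parts = explode('$', $stored);
    if (count($parts) !== 3 || $parts[0] !== 'sha256') {
        return null; // unknown format: refuse rather than guess
    }
    [, $salt] = $parts;
    $candidate = hash_sha256_salted($password, $salt);
    return hash_equals($stored, $candidate) ? $stored : null;
}

// Demonstration with a constructed legacy record.
$legacy   = md5('correct horse');
$upgraded = verify_and_upgrade('correct horse', $legacy);   // new sha256$... string
$still_ok = verify_and_upgrade('correct horse', $upgraded); // same string back
$rejected = verify_and_upgrade('wrong', $upgraded);         // null
var_dump(!is_legacy_md5($upgraded), $still_ok === $upgraded, $rejected === null);
```

The caller writes the returned string back to the user record whenever it differs from what was stored, so the MD5 digests disappear as users log in without any forced password reset.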