[wp-trac] [WordPress Trac] #21022: Allow bcrypt to be enabled via filter for pass hashing

WordPress Trac noreply at wordpress.org
Thu Nov 8 14:05:34 UTC 2012


#21022: Allow bcrypt to be enabled via filter for pass hashing
------------------------------+------------------------------
 Reporter:  th23              |       Owner:
     Type:  enhancement       |      Status:  new
 Priority:  normal            |   Milestone:  Awaiting Review
Component:  Security          |     Version:  3.4
 Severity:  normal            |  Resolution:
 Keywords:  2nd-opinion punt  |
------------------------------+------------------------------
Changes (by rmccue):

 * keywords:  dev-feedback => 2nd-opinion punt


Comment:

 duck_ and I discussed this on IRC, especially with regard to the current
 cost factor of 8 in PHPass. On my local box, hashing 1k passwords takes
 ~2s, giving ~2ms per password. This should probably be bumped up slightly.
 The upcoming [https://wiki.php.net/rfc/password_hash password hashing API]
 in PHP 5.5 uses [https://github.com/php/php-
 src/blob/master/ext/standard/php_password.h#L33 10] as the cost, and we
 might want to switch to using that too. There's a
 [https://github.com/ircmaxell/password_compat compatibility library].

 Note that the compat library requires PHP 5.3.7+, since "PHP prior to
 5.3.7 contains a security issue with its BCRYPT implementation"; duck_
 noted [http://www.openwall.com/lists/announce/2011/06/21/1 the relevant
 crypt_blowfish update] and [http://www.openwall.com/lists/oss-
 security/2011/06/20/2 the bug description]:

   The majority of hashes (but not all of them) for passwords containing
 characters with the 8th bit set are incompatible with OpenBSD's (really
 nasty, but no security impact here).

   What's worse, approximately 3 in 16 passwords containing a single
 character with the 8th bit set have 1 to 3 characters immediately
 preceding the 8-bit character ignored.  With more than one character with
 the 8th bit set, things may be even worse.

   Thus, those passwords may be much easier to crack than expected.

 i.e. With non-ASCII characters, there are severe security issues.

 Due to the above bug, I don't think we should be switching to bcrypt on by
 default until we require PHP 5.3.7+, which is not for a while. I'm going
 to recommend punting for now, but I'd like a second opinion before I do.

 ----

 Replying to [comment:8 jammycakes]:
 > People often underestimate the seriousness of MD5 and the SHA-*
 algorithms being "less secure." They aren't just less secure: thanks to
 developments in password cracking in the past few years using GPU- and
 FPGA- based software, they are '''totally useless.''' Programs such as
 oclHashCat even have an option specifically to crack passwords in
 WordPress databases -- and the rate at which they can do so is terrifying.
 If you're not making a strong password hashing algorithm the default, out
 of the box option, you're exposing your users to unacceptable and
 unnecessary risk.

 If that's the case, I think we should increase the cost factor ASAP (which
 is backwards compatible, since it's stored in the salt IIRC).

 Replying to [comment:23 harrym]:
 > Wow. I'm surprised it's that low.

 Check http://wordpress.org/about/stats/ for slightly more detail.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/21022#comment:24>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list