[wp-trac] [WordPress Trac] #21022: Allow bcrypt to be enabled via filter for pass hashing
WordPress Trac
noreply at wordpress.org
Thu Nov 8 14:15:09 UTC 2012
#21022: Allow bcrypt to be enabled via filter for pass hashing
------------------------------+------------------------------
Reporter: th23 | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 3.4
Severity: normal | Resolution:
Keywords: 2nd-opinion punt |
------------------------------+------------------------------
Comment (by westi):
Replying to [comment:24 rmccue]:
> duck_ and I discussed this on IRC, especially with regard to the current
cost factor of 8 in PHPass. On my local box, hashing 1k passwords takes
~2s, giving ~2ms per password. This should probably be bumped up slightly.
The upcoming [https://wiki.php.net/rfc/password_hash password hashing API]
in PHP 5.5 uses [https://github.com/php/php-
src/blob/master/ext/standard/php_password.h#L33 10] as the cost, and we
might want to switch to using that too. There's a
[https://github.com/ircmaxell/password_compat compatibility library].
>
> Note that the compat library requires PHP 5.3.7+, since "PHP prior to
5.3.7 contains a security issue with its BCRYPT implementation"; duck_
noted [http://www.openwall.com/lists/announce/2011/06/21/1 the relevant
crypt_blowfish update] and [http://www.openwall.com/lists/oss-
security/2011/06/20/2 the bug description]:
>
> The majority of hashes (but not all of them) for passwords containing
characters with the 8th bit set are incompatible with OpenBSD's (really
nasty, but no security impact here).
>
> What's worse, approximately 3 in 16 passwords containing a single
character with the 8th bit set have 1 to 3 characters immediately
preceding the 8-bit character ignored. With more than one character with
the 8th bit set, things may be even worse.
>
> Thus, those passwords may be much easier to crack than expected.
>
> i.e. With non-ASCII characters, there are severe security issues.
>
> Due to the above bug, I don't think we should be switching to bcrypt on
by default until we require PHP 5.3.7+, which is not for a while. I'm
going to recommend punting for now, but I'd like a second opinion before I
do.
>
> ----
>
> Replying to [comment:8 jammycakes]:
> > People often underestimate the seriousness of MD5 and the SHA-*
algorithms being "less secure." They aren't just less secure: thanks to
developments in password cracking in the past few years using GPU- and
FPGA- based software, they are '''totally useless.''' Programs such as
oclHashCat even have an option specifically to crack passwords in
WordPress databases -- and the rate at which they can do so is terrifying.
If you're not making a strong password hashing algorithm the default, out
of the box option, you're exposing your users to unacceptable and
unnecessary risk.
>
> If that's the case, I think we should increase the cost factor ASAP
(which is backwards compatible, since it's stored in the salt IIRC).
>
> Replying to [comment:23 harrym]:
> > Wow. I'm surprised it's that low.
>
> Check http://wordpress.org/about/stats/ for slightly more detail.
I think it would be nice to see if we can modify WP's behaviour to use
bcrypt where we can soon, but probably not for 3.5.
We should probably target this investigation for 3.6-early with a view to
backporting into the 3.5 branch as well.
For now I think that pluggable function replacement is better plugin
implementation than a filter for enabling bcrypt on sites where it is safe
to do so.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/21022#comment:25>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list