[wp-trac] [WordPress Trac] #21022: Use bcrypt for password hashing; updating old hashes

WordPress Trac noreply at wordpress.org
Tue Sep 17 21:43:30 UTC 2019 

#21022: Use bcrypt for password hashing; updating old hashes
-------------------------------------------------+-------------------------
 Reporter:  th23                                 |       Owner:  (none)
     Type:  enhancement                          |      Status:  new
 Priority:  normal                               |   Milestone:  Future
                                                 |  Release
Component:  Security                             |     Version:  3.4
 Severity:  major                                |  Resolution:
 Keywords:  2nd-opinion has-patch needs-testing  |     Focuses:
  dev-feedback                                   |
-------------------------------------------------+-------------------------

Comment (by mbijon):

 Regarding Base64/basE91...

 The truncation of passwords to 72-chars happens automatically in
 `password_hash()`. Using baseXY methods does not increase the supported
 password length and does not increase the keyspace.

 As for increasing info density, I'm not sure of the point in this
 situation @paragoninitiativeenterprises. Using `base64_encode(
 password_hash('', '' true) )` could be un-done with a one-time operation
 on a leaked DB. then you'd be right back to rainbow table attacks.

 ----

 <red herring alert...>

 @paragoninitiativeenterprises:
 Did you mean to suggest `password_hash( base64_encode( $password ) )`?

 I think that's not really the right debate for a thread aiming to upgrade
 from MD5 ... but it also runs against the recommendations in NIST
 800-63-3:

   Pre-encoding does appear to offer some marginal amount of improvement on
 bad passwords... First, by converting "abc123" -> "YWJjMTIz". But password
 complexity is largely ineffective against modern rainbow tables. Longer
 passwords (ideally passphrases) are a strong recommendation instead of
 complexity.

   Base64 does offer a 4/3rds stretching effect on passwords.
 Unfortunately, the stretching effect of base64 means that password_hash's
 built-in truncation will limit passwords to 54 characters. Anything above
 that length would be discarded. This means a reduced keyspace and
 decreases overall or network-effect security. For example:
   * A 54-char input will base74 to 72-chars. Then `password_hash` would
 use the whole 72-chars
   * A 55-char input would base64 to 74-chars and `password_hash` would
 truncate that to 72-chars

 A better option (once password_hash() is in-use of course) would be to
 have a "sliding salt" that ensured a minimum-length of 72-chars, ie:
 `password_hash( $password . $salt_72_char, PASSWORD_DEFAULT )`. Even a
 short password would get salted to max-out the 72-char limit in
 password_hash.

 This strategy would allow `password_verify()` to STILL WORK, and also
 ensure the larger 14-16 char MD5 rainbow tables do nothing if your DB ever
 is leaked.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/21022#comment:114>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list