MyBB Community Forums

Full Version: MyBB uses insecure password hashing algorithm
MyBB 1.8 is using MD5 for its password hashing algorithm, which is horribly insecure. Besides collisions residing in MD5 itself, MD* and SHA* were never meant to be used for passwords - they are built for speed, which is not what password hashing needs. Additionally, salting does not resolve this issue, it just makes rainbow table attacks harder.

$salted_password = md5(md5($this->login_data['salt']).$password);
from https://github.com/mybb/mybb/blob/15c11a...n.php#L177

PHP 5.5 and above support password_hash, and it would not be difficult to add a fallback for older versions. password_hash uses bcrypt, which has a lot of advantages including being able to tune the number of iterations and it can not be bruteforced. Also, password_hash handles salting.
We'll use BCrypt in 2.0, however we won't change the hashing algorithm in 1.x. There was a lot of discussion about this for 1.8 but in the end we decided to leave it as it is. Considering how other Softwares hash their passwords (using the username as salt or things like that) ours is still good enough. Writing a plugin for BCrypt shouldn't be too hard though, just take a look at the loginconvert plugin for the merge system.

Remember that we need to consider a lot of things when changing something fundamental like the password hashing algorithm.
I understand, but right now (before 1.8) is possibly the best time to change it. You are essentially saying you acknowledge you will ship insecure software in a few months. You can't possibly want to suggest to use a third party plugin to plug a major security issue in unreleased software.
(2015-05-03, 04:24 PM) iangcarroll Wrote: I understand, but right now (before 1.8) is possibly the best time to change it. You are essentially saying you acknowledge you will ship insecure software in a few months. You can't possibly want to suggest to use a third party plugin to plug a major security issue in unreleased software.

MyBB 1.8 was released as stable 8 months ago; a new password hashing algorithm is a change too big for an ordinary release (1.8.5), especially as it does not constitute a critical security issue.
Quote: I understand, but right now (before 1.8) is possibly the best time to change it.

1.8 has already been released, and such a major change won't be made in a bug fix release (e.g. 1.8.5). The next major release is 2.0 where such changes are acceptable. Additionally, the MD5 hashes would still need to be stored for existing forums until the user logs in.

It's not a major security issue. It's not good by any means, but it's not critical either.
Ah, I (somehow) wasn't aware it had been released, sorry.
(2015-05-03, 05:46 PM) iangcarroll Wrote: Ah, I (somehow) wasn't aware it had been released, sorry.

Yeah, you're a tad bit late to the party, but it's fine :).
(2015-05-03, 04:14 PM) Jones H Wrote: We'll use BCrypt in 2.0, however we won't change the hashing algorithm in 1.x. There was a lot of discussion about this for 1.8 but in the end we decided to leave it as it is. Considering how other Softwares hash their passwords (using the username as salt or things like that) ours is still good enough. Writing a plugin for BCrypt shouldn't be too hard though, just take a look at the loginconvert plugin for the merge system.

Remember that we need to consider a lot of things when changing something fundamental like the password hashing algorithm.


Nice to see Bcrypt will be used in 2.0. I may be able to reuse what I had already done for Xenforo 1.4.x, IPS4.x and phpBB 3.1.x. Definitely a much stronger hashing than md5. Guess I will need to add support for both of them when 2.0 comes out.

Got it working for the poker game using MyBB 1.8.5

Quote:            /*
             * $hashedpsw = md5(md5($salt).md5($plainpassword));
             * $salt = random 8-chars long string
             * $plainpassword = the password in plain text
             * $hashedpsw = the hashed password
             */
            String members_pass_salt = "i6JkMOGn";
            String password = "MyBB#10180.WannaPlayPoker";
            String members_pass_hash = "64b797be3665615e658b40574d6fd1bd";
            
            String hashedPwd = HashHelper.getMD5(HashHelper.getMD5(members_pass_salt)+(HashHelper.getMD5(password)));
       
Also note that before PHP 5.3.7, BCrypt was broken in PHP. MyBB 1.8 aims to support PHP 5.2 and above, which causes issues. This is why libraries (such as password_compat) require PHP > 5.3.7: http://php.net/security/crypt_blowfish.php
Wow interesting, blowfish will definitely be good. MD5 is no good.
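
Added example, not part of the original thread and not MyBB code: the migration path mentioned above (MD5 hashes stay stored until the user next logs in, then get replaced by bcrypt through password_hash) as a PHP sketch. The $user array layout, the function names and the sample account are assumptions made for illustration; it assumes PHP 7.1 or later.

```php
<?php
// Added example: upgrade-on-login from MyBB 1.x salted MD5 to bcrypt.
// The $user array layout and function names are hypothetical, not MyBB code.

// Legacy MyBB 1.x scheme as quoted in the thread: md5(md5($salt) . md5($plain)).
function legacy_mybb_hash(string $salt, string $plain): string
{
    return md5(md5($salt) . md5($plain));
}

/**
 * Verify a login and, on success, replace a legacy MD5 hash with bcrypt.
 * Returns [bool $ok, array $user]; the caller persists $user if it changed.
 */
function verify_and_upgrade(array $user, string $plain, int $cost = 12): array
{
    $stored = $user['password'];
    // A legacy hash is exactly 32 lowercase hex characters; bcrypt starts with "$2y$".
    $isLegacy = (bool) preg_match('/^[0-9a-f]{32}$/', $stored);

    if ($isLegacy) {
        // hash_equals() compares in constant time (PHP 5.6+).
        $ok = hash_equals($stored, legacy_mybb_hash($user['salt'], $plain));
    } else {
        $ok = password_verify($plain, $stored);
    }
    if (!$ok) {
        return [false, $user];
    }
    // Rehash when still on MD5, or when the bcrypt cost has been raised since.
    if ($isLegacy || password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => $cost])) {
        $user['password'] = password_hash($plain, PASSWORD_BCRYPT, ['cost' => $cost]);
        $user['salt'] = ''; // password_hash() embeds its own salt in the hash
    }
    return [true, $user];
}

// Constructed sample account (values are made up for this example).
$user = ['salt' => 'Ab3dEf9h', 'password' => legacy_mybb_hash('Ab3dEf9h', 'correct horse')];

[$ok, $user] = verify_and_upgrade($user, 'wrong guess');   // rejected, hash untouched
var_dump($ok, $user['password']);
[$ok, $user] = verify_and_upgrade($user, 'correct horse'); // accepted, hash replaced
var_dump($ok, $user['password']);
[$ok, $user] = verify_and_upgrade($user, 'correct horse'); // accepted via password_verify()
var_dump($ok);
```

Accounts that never log in again keep their MD5 hash, so a forum using this approach still has legacy hashes in its database until those accounts are reset or expired. bcrypt only uses the first 72 bytes of the password.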