[Rejected] MyBB uses insecure password hashing algorithm
#1
MyBB 1.8 is using MD5 for its password hashing algorithm, which is horribly insecure. Besides collisions residing in MD5 itself, MD* and SHA* were never meant to be used for passwords - they are built for speed, which is not what password hashing needs. Additionally, salting does not resolve this issue, it just makes rainbow table attacks harder.

Code:
$salted_password = md5(md5($this->login_data['salt']).$password);
from https://github.com/mybb/mybb/blob/15c11a...n.php#L177

PHP 5.5 and above support password_hash, and it would not be difficult to add a fallback for older versions. password_hash uses bcrypt, which has a lot of advantages including being able to tune the number of iterations and it cannot be bruteforced. Also, password_hash handles salting.
Reply
#2
We'll use BCrypt in 2.0, however we won't change the hashing algorithm in 1.x. There was a lot of discussion about this for 1.8 but in the end we decided to leave it as it is. Considering how other software hashes its passwords (using the username as salt or things like that), ours is still good enough. Writing a plugin for BCrypt shouldn't be too hard though, just take a look at the loginconvert plugin for the merge system.

Remember that we need to consider a lot of things when changing something fundamental like the password hashing algorithm.
Support PMs will be ignored!
Reply
#3
I understand, but right now (before 1.8) is possibly the best time to change it. You are essentially saying you acknowledge you will ship insecure software in a few months. You can't possibly want to suggest to use a third party plugin to plug a major security issue in unreleased software.
Reply
#4
(05-03-2015, 04:24 PM)iangcarroll Wrote: I understand, but right now (before 1.8) is possibly the best time to change it. You are essentially saying you acknowledge you will ship insecure software in a few months. You can't possibly want to suggest to use a third party plugin to plug a major security issue in unreleased software.

MyBB 1.8 was released as stable 8 months ago; a new password hashing algorithm is a change too big for an ordinary release (1.8.5), especially since it does not constitute a critical security issue.
devilshakerz.com/pgp (DF3A 34D9 A627 42E5 BC6A 6750 1F2F B8AA 28FF E1BC) ▪ keybase.io/devilshakerz
Reply
#5
Quote:I understand, but right now (before 1.8) is possibly the best time to change it.

1.8 has already been released, and such a major change won't be made in a bug fix release (e.g. 1.8.5). The next major release is 2.0 where such changes are acceptable. Additionally, the MD5 hashes would still need to be stored for existing forums until the user logs in.

It's not a major security issue. It's not good by any means, but it's not critical either.
No longer involved in the MyBB project.
Reply
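The upgrade-on-login approach described in the post above (legacy MD5 hashes kept until each user next logs in), as an added example that is not part of the thread or of MyBB's code. The `$user` array layout and the function names are hypothetical, and PHP 7.1+ is assumed:

```php
<?php
// Legacy MyBB 1.x scheme as quoted in this thread: md5(md5($salt) . md5($password)).
function legacy_hash(string $salt, string $password): string
{
    return md5(md5($salt) . md5($password));
}

// Hypothetical helper: returns [bool $ok, array $user]; $user carries the upgraded hash.
function verify_and_upgrade(array $user, string $password, int $cost = 12): array
{
    $opts = ['cost' => $cost];

    if ($user['algo'] === 'md5') {
        // Constant-time comparison against the stored legacy hash.
        if (!hash_equals($user['hash'], legacy_hash($user['salt'], $password))) {
            return [false, $user];
        }
        // The plaintext is only available at login, so re-hash with bcrypt now.
        $user['hash'] = password_hash($password, PASSWORD_BCRYPT, $opts);
        $user['algo'] = 'bcrypt';
        $user['salt'] = ''; // bcrypt stores its own salt inside the hash string
        return [true, $user];
    }

    if (!password_verify($password, $user['hash'])) {
        return [false, $user];
    }
    // Re-hash transparently when the configured cost has been raised.
    if (password_needs_rehash($user['hash'], PASSWORD_BCRYPT, $opts)) {
        $user['hash'] = password_hash($password, PASSWORD_BCRYPT, $opts);
    }
    return [true, $user];
}

// Constructed sample account; salt and password are made up for this example.
$salt = 'Ab3dE9xZ';
$user = ['algo' => 'md5', 'salt' => $salt, 'hash' => legacy_hash($salt, 'correct horse')];

// Wrong password, then two correct logins: the first upgrades, the second uses bcrypt.
foreach (['wrong guess', 'correct horse', 'correct horse'] as $attempt) {
    [$ok, $user] = verify_and_upgrade($user, $attempt);
    printf("%-14s ok=%s algo=%s\n", $attempt, var_export($ok, true), $user['algo']);
}
```

Accounts that never log in again keep their MD5 hash, which is the storage requirement the post above points out.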
#6
Ah, I (somehow) wasn't aware it had been released, sorry.
Reply
#7
(05-03-2015, 05:46 PM)iangcarroll Wrote: Ah, I (somehow) wasn't aware it had been released, sorry.

Yeah, you're a tad bit late to the party, but it's fine :).
PGP Key (Fingerprint: 9163 CDB6 2513 5205 28E0  5EF5 2FF1 92C4 5261 6DF0)
Reply
#8
(05-03-2015, 04:14 PM)Jones H Wrote: We'll use BCrypt in 2.0, however we won't change the hashing algorithm in 1.x. There was a lot of discussion about this for 1.8 but in the end we decided to leave it as it is. Considering how other software hashes its passwords (using the username as salt or things like that), ours is still good enough. Writing a plugin for BCrypt shouldn't be too hard though, just take a look at the loginconvert plugin for the merge system.

Remember that we need to consider a lot of things when changing something fundamental like the password hashing algorithm.


Nice to see Bcrypt will be used in 2.0. I may be able to reuse what I had already done for Xenforo 1.4.x, IPS4.x and phpBB 3.1.x. Definitely a much stronger hashing than md5. Guess I will need to add support for both of them when 2.0 comes out.

Got it working for the poker game using MyBB 1.8.5

Quote:
/*
 * $hashedpsw = md5(md5($salt).md5($plainpassword));
 * $salt = random 8-chars long string
 * $plainpassword = the password in plain text
 * $hashedpsw = the hashed password
 */
String members_pass_salt = "i6JkMOGn";
String password = "MyBB#10180.WannaPlayPoker";
String members_pass_hash = "64b797be3665615e658b40574d6fd1bd";

String hashedPwd = HashHelper.getMD5(HashHelper.getMD5(members_pass_salt)+(HashHelper.getMD5(password)));
Reply
#9
Also note that before PHP 5.3.7, BCrypt was broken in PHP. MyBB 1.8 aims to support PHP 5.2 and above, which causes issues. This is why libraries (such as password_compat) require PHP > 5.3.7: http://php.net/security/crypt_blowfish.php
Reply
#10
Wow, interesting, blowfish will definitely be good. MD5 is no good.
Reply

