Posts: 3
Threads: 1
Joined: May 2015
Reputation:
0
MyBB 1.8 is using MD5 for its password hashing algorithm, which is horribly insecure. Besides collisions residing in MD5 itself, MD* and SHA* were never meant to be used for passwords - they are built for speed, which is not what password hashing needs. Additionally, salting does not resolve this issue, it just makes rainbow table attacks harder.
Code: $salted_password = md5(md5($this->login_data['salt']).$password);
from https://github.com/mybb/mybb/blob/15c11a...n.php#L177
PHP5.5 and above support password_hash, and it would not be difficult to add a fallback for older versions. password_hash uses bcrypt, which has a lot of advantages including being able to tune the number of iterations and it can not be bruteforced. Also, password_hash handles salting.
Posts: 2,813
Threads: 140
Joined: Jan 2012
Reputation:
86
05-03-2015, 04:14 PM
(This post was last modified: 05-03-2015, 04:15 PM by Jones H.)
We'll use BCrypt in 2.0, however we won't change the hashing algorithm in 1.x. There was a lot of discussion about this for 1.8 but in the end we decided to leave it as it is. Considering how other Softwares hash their passwords (using the username as salt or things like that) ours is still good enough. Writing a plugin for BCrypt shoudn't be to hard though, just take a look at the loginconvert plugin for the merge system.
Remember that we need to consider a lot of things when changing something fundamental like the password hashing algorithm.
Support PMs will be ignored!
Posts: 3
Threads: 1
Joined: May 2015
Reputation:
0
05-03-2015, 04:24 PM
(This post was last modified: 05-03-2015, 04:24 PM by iangcarroll.)
I understand, but right now (before 1.8) is possibly the best time to change it. You are essentially saying you acknowledge you will ship insecure software in a few months. You can't possibly want to suggest to use a third party plugin to plug a major security issue in unreleased software.
Posts: 1,113
Threads: 103
Joined: Jun 2011
Reputation:
112
(05-03-2015, 04:24 PM)iangcarroll Wrote: I understand, but right now (before 1.8) is possibly the best time to change it. You are essentially saying you acknowledge you will ship insecure software in a few months. You can't possibly want to suggest to use a third party plugin to plug a major security issue in unreleased software.
MyBB 1.8 was released as stable 8 months ago; a new password hashing algorithm is a change too big for an ordinary release (1.8.5), especially that it does not constitute a critical security issue.
Posts: 11,874
Threads: 220
Joined: May 2010
Reputation:
525
Quote:I understand, but right now (before 1.8) is possibly the best time to change it.
1.8 has already been released, and such a major change won't be made in a bug fix release (e.g. 1.8.5). The next major release is 2.0 where such changes are acceptable. Additionally, the MD5 hashes would still need to be stored for existing forums until the user logs in.
It's not a major security issue. It's not good by any means, but it's not critical either.
Posts: 3
Threads: 1
Joined: May 2015
Reputation:
0
05-03-2015, 05:46 PM
(This post was last modified: 05-03-2015, 05:47 PM by iangcarroll.)
Ah, I (somehow) wasn't aware it had been released, sorry.
Posts: 3,140
Threads: 81
Joined: May 2011
Reputation:
91
(05-03-2015, 05:46 PM)iangcarroll Wrote: Ah, I (somehow) wasn't aware it had been released, sorry.
Yeah, you're a tad bit late to the party, but it's fine  .
PGP Key (Fingerprint: 9163 CDB6 2513 5205 28E0 5EF5 2FF1 92C4 5261 6DF0)
Posts: 3
Threads: 1
Joined: May 2015
Reputation:
0
(05-03-2015, 04:14 PM)Jones H Wrote: We'll use BCrypt in 2.0, however we won't change the hashing algorithm in 1.x. There was a lot of discussion about this for 1.8 but in the end we decided to leave it as it is. Considering how other Softwares hash their passwords (using the username as salt or things like that) ours is still good enough. Writing a plugin for BCrypt shoudn't be to hard though, just take a look at the loginconvert plugin for the merge system.
Remember that we need to consider a lot of things when changing something fundamental like the password hashing algorithm.
Nice to see Bcrypt will be used in 2.0. I may be able to reuse what I had done it already for Xenforo 1.4.x, IPS4.x and phpBB 3.1.x. Definitely, a much stronger hashing than md5. Guess I will need to add support for both of them when 2.0 comes out.
Got it working for the poker game using MyBB 1.8.5
Quote: /*
* $hashedpsw = md5(md5($salt).md5($plainpassword));
* $salt = random 8-chars long string
* $plainpassword = the password in plain text
* $hashedpsw = the hashed password
*/
String members_pass_salt = "i6JkMOGn";
String password = "MyBB#10180.WannaPlayPoker";
String members_pass_hash = "64b797be3665615e658b40574d6fd1bd";
String hashedPwd = HashHelper.getMD5(HashHelper.getMD5(members_pass_salt)+(HashHelper.getMD5(password)));
Posts: 12,196
Threads: 214
Joined: Jun 2009
Reputation:
578
Also note that before PHP 5.3.7, BCrypt was broken in PHP. MyBB 1.8 aims to support PHP 5.2 and above, which causes issues. This is why libraries (such as password_compat) require PHP > 5.3.7: http://php.net/security/crypt_blowfish.php
Posts: 132
Threads: 39
Joined: Oct 2014
Reputation:
0
Wow interesting, blowfish will defiantly be good. MD5 is no good.
|
