1.10 Update Password Hashing Algorithm + Database Encryption
#1
We should offer users a selection of different password hashing algorithms on install. I suggest the following options be presented to the board administrator:
  • argon2
  • bcrypt
  • PBKDF2
  • scrypt
In addition to the above improvements I suggest that the following database tables should be encrypted by default:
  • mybb_users
  • mybb_privatemessages
  • mybb_adminlog
Reply
#2
This user has been denied support.
A multitude of password hashing options is a dependency hell (you have to keep supporting all of them in all future releases).

Choose one of those (choose PHP's builtin password mechanism and perhaps crank up PHP requirement to the PHP version that provides it) and then stick with that one. You can have a cost option for that one algorithm then (or rather not, as a high cost is a welcome DoS target and the default should be good enough).

Upgrading old hashes would already be enough of a dependency in and of itself (already takes three tries to verify instead of one) but worth it as it gives the new hash benefits to all users, even inactive ones... there's also a plugin that does it, but in MyBB core you can do the same w/o changing database layout and just a few lines of code.

Quote: In addition to the above improvements I suggest that the following database tables should be encrypted by default:

Encrypt how and whatever for? First of all the server has to be able to decrypt it anyway, so it won't stop malicious admins. Second how do you even query an encrypted database? Enter keywords, search PM, uses database queries to be possible, once encrypted what do you do?

Maybe it's possible to encrypt database backups. But MyBB's backup task is already heavy on resources, even after optimizing it. It's also error prone (like the issues with partially gzipped backups in the past). Also I'm not sure if the average MyBB user would know how to decrypt these.
Reply
#3
(2017-11-20, 05:48 PM)frostschutz Wrote: Encrypt how and whatever for? First of all the server has to be able to decrypt it anyway, so it won't stop malicious admins. Second how do you even query an encrypted database? Enter keywords, search PM, uses database queries to be possible, once encrypted what do you do?

Both MySQL and PostgreSQL offer table-level encryption which your web applications can make use of. AFAIK the web application (MyBB in this case) uses a decryption key to access the data within those specific tables.

This is useful in situations where you have two different servers (a front-end application server and a backend database server), since you can store the decryption key on the application server only. Therefore if only the database server is compromised the attacker has no access to the most sensitive parts of your database.
Reply
#4
We might stick with bcrypt for compatibility with latest Laravel and switch to Argon2i later on if the framework doesn't catch up; exposing too many options might create more migration problems, but swapping algorithms would be easy enough and MyBB should provide tools for conversion and wrapping like DVZ Hash does.

Table encryption is probably best left to 2.0 so the implementation can happen in a single location rather than be spread across the whole codebase.
devilshakerz.com/pgp (DF3A 34D9 A627 42E5 BC6A 6750 1F2F B8AA 28FF E1BC) ▪ keybase.io/devilshakerz
Reply
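The upgrade path discussed in posts #2 and #4 (wrap the existing hashes so inactive accounts benefit too, then convert at login), as an added example that is not MyBB or DVZ Hash code. The `wrapped:` prefix and the `$user` array are assumptions of this example; `legacy_hash()` reflects MyBB 1.8's salted MD5 scheme.

```php
<?php
// Added example, not MyBB or DVZ Hash code. The "wrapped:" prefix and the
// $user array layout are assumptions made for this illustration.

// Legacy scheme used by MyBB 1.8: md5(md5(salt) . md5(password)).
function legacy_hash($password, $salt)
{
    return md5(md5($salt) . md5($password));
}

// Batch conversion: bcrypt the stored legacy digest itself. No plaintext is
// needed, so rows of users who never log in again are protected as well.
function wrap_legacy($legacyHash)
{
    return 'wrapped:' . password_hash($legacyHash, PASSWORD_BCRYPT);
}

// Login: verify against whichever format the row holds, then move the row
// to a direct hash while the plaintext is available.
function verify_and_upgrade(array &$user, $password)
{
    $stored = $user['password'];
    $legacy = legacy_hash($password, $user['salt']);

    if (strncmp($stored, 'wrapped:', 8) === 0) {
        $ok = password_verify($legacy, substr($stored, 8));
    } elseif (strlen($stored) === 32 && ctype_xdigit($stored)) {
        $ok = hash_equals($stored, $legacy); // row not yet batch-converted
    } else {
        $ok = password_verify($password, $stored);
    }

    // password_needs_rehash() is true for any value that is not a current
    // PASSWORD_DEFAULT hash, which covers both older formats above.
    if ($ok && password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $user['password'] = password_hash($password, PASSWORD_DEFAULT);
    }
    return $ok;
}

// Constructed sample row: a legacy hash that has been batch-wrapped.
$user = ['salt' => 'aB3dE6gH', 'password' => null];
$user['password'] = wrap_legacy(legacy_hash('correct horse', $user['salt']));

var_dump(verify_and_upgrade($user, 'wrong guess'));   // rejected, row unchanged
var_dump(verify_and_upgrade($user, 'correct horse')); // accepted, row upgraded
var_dump(strncmp($user['password'], 'wrapped:', 8) !== 0); // prefix is gone
```

The functions avoid scalar type declarations so the block also runs on PHP 5.6, the minimum version mentioned in the thread.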
#5
(2017-11-20, 06:11 PM)Devilshakerz Wrote: Table encryption is probably best left to 2.0 so the implementation can happen in a single location rather than be spread across the whole codebase.

I was under the impression that 1.10 would include new SQL drivers /w PDO, would it not be possible to add table encryption at that point? Seems quite logical to me.

I'd love for Argon2 to be the base default, but I think we're aiming for PHP 5.6 to be the new minimum, not 7.2 which IIRC is the minimum version required to use argon2_password_hash.
Reply
#6
(2017-11-20, 06:15 PM)kawaii Wrote: I was under the impression that 1.10 would include new SQL drivers /w PDO, would it not be possible to add table encryption at that point? Seems quite logical to me.

Not all Laravel modules would be pulled in and most likely only a small portion of queries will be actually rewritten with the query builder (it can be used in MyBB's own wrapper, but not all queries use it either).
Reply
#7
(2017-11-20, 06:25 PM)Devilshakerz Wrote:
(2017-11-20, 06:15 PM)kawaii Wrote: I was under the impression that 1.10 would include new SQL drivers /w PDO, would it not be possible to add table encryption at that point? Seems quite logical to me.

Not all Laravel modules would be pulled in and most likely only a small portion of queries will be actually rewritten with the query builder (it can be used in MyBB's own wrapper, but not all queries use it either).

That's fair enough then, I'm assuming that bcrypt will be the most likely candidate rather than Argon2, which is a shame but I can't see that being enough justification for raising the minimum PHP version to 7.2 unfortunately.
Reply
#8
Yeah, BCrypt should be the default. Argon2 still doesn't have a great deal of adoption, doesn't really offer quite enough of an improvement to justify bumping minimum version to PHP 7.2 (a release which hasn't happened yet), and anything really is better than what we currently have.
Reply
#9
How long has Argon2 been around for? Bcrypt is a tried and tested algorithm.
People thought Scrypt would be the end all and be all, but it turned out to just be equivalent to Bcrypt, although it does have the advantage of not limiting the length of the passwords.
Reply
#10
(2017-11-24, 01:59 AM)Azah Wrote: How long has Argon2 been around for? Bcrypt is a tried and tested algorithm.
People thought Scrypt would be the end all and be all, but it turned out to just be equivalent to Bcrypt, although it does have the advantage of not limiting the length of the passwords.

Argon2 has been around for a few years now, but it's already won some awards. It offers benefits over bcrypt because it is somewhat more resistant to GPU cracking.
Reply

