Insecure password hashing #426
Comments
We don't just use sha1, we also use salts and encrypt the password many times over:

```
salt = '" . $this->db->escape($salt = substr(md5(uniqid(rand(), true)), 0, 9)) . "', password = '" . $this->db->escape(sha1($salt . sha1($salt . sha1($data['password'])))) . "'
```

I believe this has been broken at some Russian hacking conference after renting out Amazon's cloud servers to do 18.1 billion combinations in 3 minutes. The average scumbag will not be able to decrypt these password hashes.
GPU-based systems like some of Amazon's available instances (at the cost of a dollar or two an hour) can do billions of hashes per second. http://www.golubev.com/hashgpu.htm The average scumbag can get an AWS account and pay a couple bucks, no problem. SHA1 for password hashing is insecure, period. There's a reason PHP's
Also, posting your salt makes it even easier to decrypt. Hope you've changed that; that's like your secret sauce. Be the sauce boss. Don't share your recipes.
@geraldarthur I hope you know better, but for anyone who might stumble across this later... You couldn't match the security of bcrypt even by wrapping the above in 5 more sha1() calls, and on top of that bcrypt is future-proof, as you can compensate for future hardware by increasing the amount of work that must be done to create a hash, which will again slow down any attackers.
What about the padding though? Unless the machine knows what the password is in between the hashing, it's not going to know if it's been decrypted correctly. Am I wrong?
The algorithm used to protect passwords is not secure. SHA1 has not been exposed the way MD5 has, but if you're going to use SHA1 you need to use PBKDF2 with the hash_hmac() algorithm. Otherwise, use bcrypt.
I don't have time for a full explanation, but I've written [removed spammers link] on this elsewhere.
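The migration this thread argues for, as an added example (not the project's code and not written by anyone in the thread): accounts hashed with the quoted salted triple-SHA1 scheme are re-hashed with bcrypt on the next successful login, and the cost can be raised later. The record layout, function names and sample credentials are hypothetical.

```php
<?php
// The legacy construction exactly as quoted in the thread.
function legacy_hash(string $salt, string $password): string {
    return sha1($salt . sha1($salt . sha1($password)));
}

// Checks a login attempt. Returns the record to store back (upgraded where
// needed), or null when the password is wrong. Assumed layout: legacy rows
// have a non-empty 'salt'; migrated rows have an empty one.
function verify_and_upgrade(array $user, string $password, int $cost = 12): ?array {
    $options = ['cost' => $cost];
    if ($user['salt'] !== '') {
        // Legacy row: constant-time comparison against the old SHA1 chain.
        if (!hash_equals($user['password'], legacy_hash($user['salt'], $password))) {
            return null;
        }
        // The plaintext is only available now, so re-hash it with bcrypt
        // (which embeds its own random salt) and retire the old salt column.
        $user['password'] = password_hash($password, PASSWORD_BCRYPT, $options);
        $user['salt'] = '';
        return $user;
    }
    if (!password_verify($password, $user['password'])) {
        return null;
    }
    // When the configured cost is raised, stored hashes follow on next login.
    if (password_needs_rehash($user['password'], PASSWORD_BCRYPT, $options)) {
        $user['password'] = password_hash($password, PASSWORD_BCRYPT, $options);
    }
    return $user;
}

// Constructed sample row stored under the legacy scheme.
$salt = 'a1b2c3d4e';
$user = ['salt' => $salt, 'password' => legacy_hash($salt, 'correct horse')];

var_dump(verify_and_upgrade($user, 'wrong guess'));       // rejected login
$user = verify_and_upgrade($user, 'correct horse');       // upgraded to bcrypt
echo substr($user['password'], 0, 7), PHP_EOL;            // algorithm and cost prefix
$user = verify_and_upgrade($user, 'correct horse', 13);   // cost raised later
echo substr($user['password'], 0, 7), PHP_EOL;
```

A bcrypt hash is 60 characters long, so the password column has to be widened before any upgraded hash is written back.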