Edward Z. Yang wrote:
> If I am not mistaken (and I may very well be), MediaWiki still uses MD5s
> to encrypt (well, technically hash, but it's named wfEncryptPassword(),
> heh heh) user passwords.
[snip]
> If this is indeed the case, we should be considering migrating away from
> MD5 to a more secure algorithm like SHA256.

As a note; AFAIK versions of PHP prior to 5.1.2 include only MD5 and
SHA-1 digest functions built-in, and the rumor is SHA-1 isn't safe
enough either.

There is an 'mhash' module with more algos including SHA256, but it
appears not to be enabled by default:
http://www.php.net/manual/en/ref.mhash.php

The more featureful 'hash' module is available by default from 5.1.2 on:
http://www.php.net/manual/en/ref.hash.php

Currently MediaWiki supports PHP 5.0.4(?) and up, but 5.0 is mildly
annoying (and has some nasty breakage with arrays causing it to fail on
64-bit systems.)

With appropriate hash functions present, we could indeed auto-upgrade
hashes on login. (A new field is not necessarily required; the existing
hash field can be upgraded to indicate the hash algo along with the hash
value. And in a happy case of coincidence, the password hash fields are
tinyblobs, so anything that fits in 255 bytes is cool...)

-- brion vibber (brion @ pobox.com)
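
The upgrade-on-login idea from the message above, as an added example that is not part of the original e-mail and not MediaWiki's code: the stored field carries an algorithm tag, and a row still holding a legacy hash is rewritten after a successful login. The `:algo:salt:digest` layout, the per-user salt, the bare-MD5 legacy format and all function names are assumptions of this example, and it is written for PHP 7.1+ rather than the 5.x releases discussed.

```php
<?php
// Added example (hypothetical names and field layout, not MediaWiki's).
// Tagged field:  ":<algo>:<salt-hex>:<digest-hex>"
// Legacy field:  bare 32-char hex MD5 of the password (assumed for illustration).
const PREFERRED_ALGO = 'sha256';             // provided by the 'hash' module
const ALLOWED_ALGOS  = ['sha256', 'sha512']; // tags this example will verify
const FIELD_MAX      = 255;                  // tinyblob limit from the message

function makeField(string $password, string $algo = PREFERRED_ALGO): string {
    $salt  = bin2hex(random_bytes(8));       // salt is this example's addition
    $field = ':' . $algo . ':' . $salt . ':' . hash($algo, $salt . '-' . $password);
    if (strlen($field) > FIELD_MAX) {
        throw new LengthException('hash field would not fit in a tinyblob');
    }
    return $field;
}

// Returns [matched, algorithm]; algorithm is 'md5-legacy' for untagged rows
// and null when the field cannot be parsed.
function checkField(string $stored, string $password): array {
    if (preg_match('/^[0-9a-f]{32}\z/', $stored)) {
        return [hash_equals($stored, md5($password)), 'md5-legacy'];
    }
    $parts = explode(':', $stored);
    if (count($parts) !== 4 || $parts[0] !== ''
        || !in_array($parts[1], ALLOWED_ALGOS, true)) {
        return [false, null];                // unknown or malformed tag: reject
    }
    [, $algo, $salt, $digest] = $parts;
    return [hash_equals($digest, hash($algo, $salt . '-' . $password)), $algo];
}

// $row stands in for the user's database row. The rewrite can only happen
// here, because login is the one moment the plaintext password is available.
function login(array &$row, string $password): bool {
    [$ok, $algo] = checkField($row['password'], $password);
    if ($ok && $algo !== PREFERRED_ALGO) {
        $row['password'] = makeField($password);
    }
    return $ok;
}

$row = ['password' => md5('correct horse')];           // constructed legacy row
var_dump(login($row, 'wrong guess'));                  // failed login
var_dump($row['password'] === md5('correct horse'));   // row left untouched
var_dump(login($row, 'correct horse'));                // legacy hash verifies
var_dump(strpos($row['password'], ':sha256:') === 0);  // row now tagged
var_dump(login($row, 'correct horse'));                // upgraded row verifies
```

Accounts that never log in again keep their legacy hash under this scheme, so the untagged branch in `checkField()` has to stay until those rows are dealt with some other way.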