Brion Vibber wrote:
> As a note; AFAIK versions of PHP prior to 5.1.2 include only MD5 and
> SHA-1 digest functions built-in, and the rumor is SHA-1 isn't safe
> enough either. [snip]

I would recommend rolling a pure-PHP implementation of SHA-256 and
switching to the hash implementation if it is present. The hash isn't
computed very often: only during login and password setting, so any
performance penalty incurred wouldn't be that bad. Plus, there are
already a number of quite fast SHA-256 implementations out there for
PHP. I personally recommend: <http://code.tatzu.net/sha256/>

> With appropriate hash functions present, we could indeed auto-upgrade
> hashes on login. (A new field is not necessarily required; the existing
> hash field can be upgraded to indicate the hash algo along with the hash
> value. And in a happy case of coincidence, the password hash fields are
> tinyblobs, so anything that fits in 255 bytes is cool...)

Works then, since raw binary SHA-256 output is only 256 bits (64 bytes,
I believe). We can easily spare another 7 bytes to prepend it with
something along the lines of "sha256:"

Simetrical wrote:
> Aren't the vulnerabilities limited to the attacker creating a
> collision of two strings *that the attacker created* sharing a common
> prefix? Are they relevant to a password hash? There's no preimage
> attack against MD5, and that strikes me as the only thing relevant to
> passwords. Things like certificates can be a problem, of course,
> depending on exact implementation.

Well, in spite of these extremely devastating attacks in the collision
area, the keyspace of MD5 is extremely small: 128 bits is small enough
that a birthday attack is extremely feasible. MD5 also has many
comprehensive rainbow tables (including one that's 4.9 TB large!) I
think it's worth migrating, even if the security increase is
comparatively small. It's not difficult to do.
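
The upgrade-on-login idea discussed in this thread, as an added example that is not part of the original message and is not MediaWiki's code. Assumptions: PHP 7.1+ with the hash extension available, legacy rows hold a bare hex md5(password), upgraded rows hold "sha256:" followed by the raw digest; all function names and the sample rows are hypothetical. It covers only the digest swap and the algorithm tag discussed above.

```php
<?php
// Added example. Assumed storage format (not MediaWiki's actual schema):
//   legacy rows:   32 hex characters, md5(password)
//   upgraded rows: "sha256:" followed by the raw binary SHA-256 digest
const ALGO_PREFIX = 'sha256:';

// Build the tagged field value: algorithm tag + raw digest bytes.
// The result has to stay within the 255-byte tinyblob limit.
function make_stored_hash(string $password): string
{
    return ALGO_PREFIX . hash('sha256', $password, true);
}

// Returns [bool $ok, ?string $upgraded]. $upgraded is non-null only when a
// legacy MD5 row has just verified and should be rewritten by the caller.
function check_password(string $stored, string $password): array
{
    if (strncmp($stored, ALGO_PREFIX, strlen(ALGO_PREFIX)) === 0) {
        // Tagged row: constant-time compare against the recomputed value.
        return [hash_equals($stored, make_stored_hash($password)), null];
    }
    // No tag: treat the field as a legacy MD5 hex digest.
    if (!hash_equals(strtolower($stored), md5($password))) {
        return [false, null];
    }
    // The plaintext is only available during login, so upgrade here.
    return [true, make_stored_hash($password)];
}

// $users stands in for the user table; the assignment stands in for the UPDATE.
function login(array &$users, string $name, string $password): bool
{
    if (!isset($users[$name])) {
        return false;
    }
    [$ok, $upgraded] = check_password($users[$name], $password);
    if ($ok && $upgraded !== null) {
        $users[$name] = $upgraded;
    }
    return $ok;
}

// Constructed sample rows: one legacy, one already upgraded.
$users = ['alice' => md5('correct horse'), 'bob' => make_stored_hash('hunter2')];

var_dump(login($users, 'alice', 'wrong'));          // failed login must not rewrite the row
var_dump(strlen($users['alice']));                  // stored length before the upgrade
var_dump(login($users, 'alice', 'correct horse'));  // legacy check passes, row is rewritten
var_dump(strlen($users['alice']));                  // stored length after the upgrade
var_dump(login($users, 'alice', 'correct horse'));  // second login takes the tagged path
```

Rows belonging to accounts that never log in again keep their MD5 value, so the table holds both formats for as long as such accounts exist.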