Hi all, I wanted to bikeshed just a little bit, to make sure there is some consensus.
tl;dr We're upgrading the password hash used to store passwords to make offline cracking more difficult. In doing that, we need to set one of the options as default. Speak up if you have strong feelings about one over the other.
Along with refactoring how passwords are stored and checked, https://gerrit.wikimedia.org/r/#/c/77645 implements two strong hashing algorithms PBKDF2 [1] and bcrypt [2]. I added a followup commit to add in the algorithm that Tim came up with in 2010 using Whirlpool as a hash function [3].
For any of these, there is a maintenance script to wrap current passwords with one of the strong ones, so we can upgrade the whole database without interaction from the users. It's also simple to upgrade the work factor or change to a new algorithm, if we decide that is needed in the future. But for the actual default...
Bcrypt is probably the most common option for password storage in webapps that I see. PHP 5.5 uses it as the default for the new password_hash() function. The only issue is that PHP before 5.3.7 had a flaw in their implementation which resulted in weak hashes. If we set bcrypt as default, we would want to raise the minimum php version to 5.3.7 (it's currently 5.3.2) for MediaWIki 1.23.
PBKDF2 is an RSA standard and is included in PHP 5.5. Tyler did an implementation in the patch to make it backwards compatible. The only downside to it is the connection to RSA, who may have knowingly standardized weak algorithms, although the security properties of PBKDF2 are fairly well studied and haven't been called into question.
The Whirlpool algorithm by Tim would force password cracking software to do a custom implementation for our hashes. It has very similar work effort to bcrypt, and should keep our passwords as safe as using bcrypt. The theory behind it seems good, but obviously, we might discover a gaping hole in it at some point.
Is there any strong preference among these options? My personal vote is for bcrypt, if bumping the php version doesn't seem like a big deal to everyone.
[1] - https://en.wikipedia.org/wiki/PBKDF2 [2] - https://en.wikipedia.org/wiki/Bcrypt [3] - http://www.mail-archive.com/wikitech-l@lists.wikimedia.org/msg08830.html