2016-09-07 17:11 GMT-03:00 CM <[email protected]>:
> Hey,
>
> I wrote about this in boinc_projects but felt it would be appropriate to also
> post it in the boinc_dev mailing list before raising an issue in the BOINC
> github:
>
> http://lists.ssl.berkeley.edu/mailman/private/boinc_projects/2016-September/011834.html
>
> Topic of discussion: The current BOINC project user password
> hashing process!
>
> Upon creating an account, the user's password is hashed as an md5 & salted
> with their email address:
> https://github.com/BOINC/boinc/blob/master/html/user/create_account_action.php#L107
>
> If a BOINC server was fully compromised, the attacker would have access to
> all users' email addresses in the SQL table (entirely negating the salt's
> effectiveness) leaving the password only protected by an md5 hash.
>
> I looked up whether or not an md5 password hash is sufficient protection,
> and the overwhelming response was a resounding no:
> https://security.stackexchange.com/questions/19906/is-md5-considered-insecure
>
> "Using salted md5 for passwords is a bad idea. Not because of MD5's
> cryptographic weaknesses, but because it's fast. This means that an attacker
> can try billions <http://hashcat.net/oclhashcat-plus/> of candidate passwords
> per second on a single GPU."
>
> I realise that switching to a different password hashing mechanism for an
> existing BOINC account wouldn't be possible without resetting the entire
> user base's passwords via email (which would be a nightmare), but for a new
> BOINC project would it not be advisable to switch to using a more secure
> password hashing process such as Bcrypt or PBKDF2 for password hashing?
>
> Looking further into this, using boinc-server-docker provides php v5.6 & in
> php v5.5 they introduced simple password hashing functionality
> (password_hash(), password_verify(), etc) which implements bcrypt which is
> significantly more secure than md5 & it wouldn't be adding crazy amounts of
> new code nor external libraries.
>
> https://paragonie.com/blog/2016/02/how-safely-store-password-in-2016 (see
> the php section, pretty simple!)
>
> https://stackoverflow.com/questions/4795385/how-do-you-use-bcrypt-for-hashing-passwords-in-php
>
> If we were to migrate from 5.6 to 7.0+ in the future
> (https://secure.php.net/manual/en/migration70.php would it pose a
> significant challenge?), we could also switch to Argon2 instead of bcrypt as
> default: https://password-hashing.net/ (Also worth checking out the other
> entries).
>
> Thoughts regarding this? I'm going to try using Bcrypt in my 'Project Rain'
> project.

To login, you send the email address and the password hash. The hashing
algorithm is irrelevant because you don't even need to crack it.

If the server is compromised, you get access to the password hash, and you
can send it in a request to login. There are no "candidate passwords"
involved.

BOINC has the security equivalent of storing the passwords in plaintext. The
security or speed of MD5 is absolutely irrelevant.

--
Nicolás
_______________________________________________
boinc_dev mailing list
[email protected]
http://lists.ssl.berkeley.edu/mailman/listinfo/boinc_dev
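
Added example, not part of the thread or of BOINC's code: a PHP sketch of the point made in the reply, that a stored hash which the server compares directly against the client-sent hash is itself the login credential, shown next to a variant that stores password_hash() of the client-sent value instead. The md5(password . email) concatenation order, the function names and the sample account are assumptions for illustration.

```php
<?php
// Constructed sample account; these values do not come from any real project.
$email    = 'volunteer@example.org';
$password = 'correct horse battery staple';

// What the client sends at login: MD5 of the password salted with the
// email address. Assumption: the salt is appended to the password.
function client_hash(string $password, string $email): string {
    return md5($password . $email);
}

// Design described in the thread: the database column holds exactly the
// value the client sends, and login is an equality check.
function legacy_login(string $storedColumn, string $sent): bool {
    return hash_equals($storedColumn, $sent);
}

// Hypothetical hardened design: the database column holds bcrypt of the
// client-sent hash, so the column is no longer the credential itself.
function wrapped_store(string $clientHash): string {
    return password_hash($clientHash, PASSWORD_BCRYPT);
}

function wrapped_login(string $storedColumn, string $sent): bool {
    return password_verify($sent, $storedColumn);
}

$sent          = client_hash($password, $email);
$legacyColumn  = $sent;                 // what a database dump would contain today
$wrappedColumn = wrapped_store($sent);  // what it would contain after wrapping

// A genuine client that knows the password, under each design.
printf("genuine login, legacy:   %s\n", var_export(legacy_login($legacyColumn, $sent), true));
printf("genuine login, wrapped:  %s\n", var_export(wrapped_login($wrappedColumn, $sent), true));

// Someone who holds only a copy of the database column and submits it
// unchanged as the login value, under each design.
printf("column replayed, legacy:  %s\n", var_export(legacy_login($legacyColumn, $legacyColumn), true));
printf("column replayed, wrapped: %s\n", var_export(wrapped_login($wrappedColumn, $wrappedColumn), true));
```

Because the server already holds the MD5 value for every account, wrapped_store() can be applied to existing rows in place without asking users to reset passwords. The value sent over the wire is still a fast hash of the password, so this only changes what a database dump is worth.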
