https://bugzilla.wikimedia.org/show_bug.cgi?id=28419
--- Comment #81 from Chris Steipp <[email protected]> ---

With recent events [0], I'd like to capitalize on lots of people wanting this and get it pushed through soonish. I think we actually have 3 parts to the bug:

* Updating MediaWiki to better handle multiple password types, and make it easier to extend by extensions and in the future. There were probably a couple of things I would change in Tyler's now-abandoned gerrit 77645, but I think it's close. Tyler, what would it take to finish that?

* Updating the current WMF database to use a stronger format. Tim's suggestion from 2010 I think is still pretty good (although we would probably want an 8 or 9 work now). Bcrypt could also be used in a similar way (take the bcrypt of the :B:-format hash). Whatever the WMF uses, we'll probably use something that we can do a one-way conversion from :B: hashes, so that we upgrade our entire database without user interactions. However, php 5.3.7 is required for a sane, native php version of bcrypt [1], so I'm actually leaning towards Tim's Whirlpool at this point.

* Since all of the legacy password formats can be converted to :B: hashes, and if we make an upgrade from :B: to a new, strong :C: format, I think MediaWiki should remove all of the insecure types (and $wgPasswordSalt, bug 54948).

A couple times on this bug pepper was brought up, which would have saved us in this recent incident, since only database tables were leaked and not our private code repo. So I think we need that included in whatever :C: method we chose. In our case, I think adding an HMAC keyed with a secret (the "pepper") would work. Then if our secret is ever stolen (but not our password hashes), we can keep adding new pepper keys, and re-store our hashes with another HMAC applied using the new secret. If both the pepper and the hashes are stolen, then we need (a good) way to force password changes, but I'll open a separate bug for that.
[0] - https://meta.wikimedia.org/wiki/October_2013_private_data_security_issue
[1] - http://www.php.net/security/crypt_blowfish.php

-- 
You are receiving this mail because: You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
