benedmunds / CodeIgniter-Ion-Auth

Simple and Lightweight Auth System for CodeIgniter
http://benedmunds.com/ion_auth/
MIT License

change sha1 to crypt_sha512 with some rounds #30

Closed ghost closed 13 years ago

ghost commented 13 years ago

I love Ion Auth except for the fact that it uses single iteration sha1 hashing when storing passwords.

Why is single MD5, SHA1, SHA256, SHA512, SHA-3 hashing bad?

1) Because it's so fast. A modern server can calculate the MD5 hash of about 330MB every second. If your users have passwords which are lowercase, alphanumeric, and 6 characters long, you can try every single possible password of that size in around 40 seconds. sha1 is about the same speed. And that’s without investing anything. If you’re willing to spend about 2,000 USD and a week or two picking up CUDA, you can put together your own little supercomputer cluster which will let you try around 700,000,000 passwords a second. At that rate you’ll be cracking those passwords at the rate of more than one per second.

2) Salts Will Not Help You - It’s important to note that salts are useless for preventing dictionary attacks or brute force attacks. It doesn’t affect how fast an attacker can try a candidate password, given the hash and the salt from your database. Salt or no, if you’re using a general-purpose hash function designed for speed you’re well and truly effed.

3) SHA-1 is being retired for most government uses; the U.S. National Institute of Standards and Technology says, "Federal agencies should stop using SHA-1 for...applications that require collision resistance as soon as practical, and must use the SHA-2 family of hash functions for these applications after 2010".

What to do?

Use bcrypt. Actually - use PHP's bcrypt implementation - the crypt function (there are several different options - the best ones would be crypt_sha256, crypt_sha512 or crypt_blowfish). IMHO, I'd go for crypt_sha512.

Why is it better?

Because it introduces a work factor, which allows you to determine how expensive the hash function will be. Because of this, bcrypt can keep up with Moore’s law. As computers get faster you can increase the work factor and the hash will get slower. How much slower is bcrypt than, say, MD5? Depends on the work factor. Using a work factor of 12, bcrypt hashes the password yaaa in about 0.3 seconds on my laptop. MD5, on the other hand, takes less than a microsecond. So we’re talking about 5 or so orders of magnitude. Instead of cracking a password every 40 seconds, I'd be cracking them every 12 years or so. Your passwords might not need that kind of security and you might need a faster comparison algorithm, but bcrypt allows you to choose your balance of speed and security. Use it.

How to add it to Ion Auth? Easy. (Read the PHP crypt function manual first.)

1) In the Ion Auth config file, set hash length to 16 (for the crypt_sha512 variant).

2) Use your weapon of choice to modify the SQL schema (phpMyAdmin). The password field has to be extended from 40 to 123 characters.

3) Modify the following functions in the Ion Auth model: `hash_password_db` and `hash_password`.

Instead of sha1 functions use something like here:

```php
return crypt($password, $salt);
```

where the $salt variable has to be in the following format (thanks PHP):

```
$id$rounds=number$actualsalt
```

where:

- **id** - type of hashing (1 for md5, 2a for blowfish, 6 for sha512, etc.)
- **rounds** - CPU load, number of iterations. The higher the number, the higher the CPU requirements. That's what makes it really hard to break. Can be any number from 1000 to 999,999,999. Default 5000.
- **$actualsalt** - obviously a 16-character salt

So - for example:

```php
return crypt($password, '$6$rounds=6000$'.$salt.'$');
```

You can use phpMyAdmin again to add a first user:

- **salt** (16 chars): `aaaaaaaaaaaaaaaa`
- **hash** (if 6000 iterations and crypt_sha512): `$6$rounds=6000$aaaaaaaaaaaaaaaa$DIu5Q9s6kgfnxcDQPZZ/Xt6T5gar0eBbZShHRWp.aHbBO5nskNc2U1I6YX5aJD6GnKh43i/9EVxV2L5.jrQsw0`

Yes - that entire thing is a hash, starting from $6$ and ending in Qsw0.

I like Ion Auth more than any library out there for CI and I think that this should be added to it instead of the default sha1 mechanism.

Hope this helps.

benedmunds commented 13 years ago

Hey dreamer,

I really appreciate this. The reason I am using the encryption algorithm I am using now is for backwards compatibility with Redux Auth. It seems that Ion Auth has pretty much taken over Redux so backwards compatibility may not be an issue for much longer but then it would be an issue for the existing Ion Auth user base.

The best compromise would be to add this as a config option so existing installs don't break.

One thing I've been wanting to add for awhile is a lock out, a five wrong passwords and you are locked out and must reset by email sort of thing. In your opinion is there any advantage in changing the hashing algorithm over adding a lockout? The only time I could see the advantage is if a hacker gained access to the DB data...

Thanks!
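The `$6$rounds=N$salt$` format from the opening post and the backwards-compatibility concern raised in this reply can be reconciled by upgrading each row at login. The following is an added example, not code from this thread or from Ion Auth; `hash_sha512_crypt`, `verify_and_upgrade` and the legacy layout (a 40-hex `sha1($salt . $password)` with the salt in its own column) are assumptions made for illustration.

```php
<?php
// Added example, not Ion Auth code. ASSUMED legacy layout: `password` holds
// sha1($salt . $password) as 40 hex chars, with the salt in its own column.
const SHA512_ROUNDS = 6000; // rounds value used in the post's example

function hash_sha512_crypt(string $password): string
{
    // 12 random bytes -> 16 base64 chars; '+' is swapped for '.' so the salt
    // stays inside crypt's [./0-9A-Za-z] alphabet.
    $salt = strtr(base64_encode(random_bytes(12)), '+', '.');
    $hash = crypt($password, '$6$rounds=' . SHA512_ROUNDS . '$' . $salt . '$');
    if (strncmp($hash, '$6$', 3) !== 0) {
        throw new RuntimeException('crypt() did not return a SHA-512 hash');
    }
    return $hash;
}

// Returns true on a correct password; rewrites a legacy row in place.
function verify_and_upgrade(string $password, array &$user): bool
{
    $stored = $user['password'];
    if (strncmp($stored, '$6$', 3) === 0) {
        // crypt() re-reads id, rounds and salt from the stored string.
        return hash_equals($stored, crypt($password, $stored));
    }
    if (preg_match('/^[0-9a-f]{40}$/', $stored) !== 1) {
        return false; // unknown format: fail closed
    }
    if (!hash_equals($stored, sha1($user['salt'] . $password))) {
        return false;
    }
    // The plaintext is only available at login, so upgrade the row now.
    $user['password'] = hash_sha512_crypt($password);
    $user['salt'] = null; // the salt now lives inside the crypt string
    return true;
}

// Constructed sample row standing in for a record from the users table.
$user = ['salt' => 'aaaaaaaaaaaaaaaa',
         'password' => sha1('aaaaaaaaaaaaaaaa' . 'correct horse')];
var_dump(verify_and_upgrade('wrong guess', $user));    // legacy path, rejected
var_dump(verify_and_upgrade('correct horse', $user));  // legacy path, upgraded
var_dump(strlen($user['password']) <= 123);            // fits the widened column
var_dump(verify_and_upgrade('correct horse', $user));  // now the $6$ path
```

The caller still has to write the modified row back to the users table; accounts that never log in again keep their legacy hash until they do.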

ghost commented 13 years ago

IMHO. I would add both. Actually lockout - is what I'm working on right now. I wouldn't worry about backward compatibility - it's not like it's a commercial app. You don't owe anything to anyone. If it's better - just implement it.

philsturgeon commented 13 years ago

dreamer111: Remember that Ion Auth is the most used auth system around, used in PyroCMS and in several other commercial addons. As Ben is one of the contributors for PyroCMS I would strongly suggest we don't do anything to bust compatibility.

benedmunds commented 13 years ago

dreamer,

I've personally used Ion Auth in several commercial apps and a few enterprise apps, plus there are all the Pyro installs that Phil mentioned.

Backwards compatibility doesn't seem like a big deal until you need it. Causing hundreds or thousands of existing users to not be able to log in after a library upgrade ends up being a pretty big deal.

If you fork and send me a pull request for the lock out code I'll be glad to merge it in. Just don't add any additional tables, use the users table. And I will think about adding additional encryption options in as a config option at some point in the future.

Thanks!

ghost commented 13 years ago

I seriously question "PyroCMS commercial" use. AFAIK the Admin theme doesn't even support IE. Also - Phil seems to be a douche.

philsturgeon commented 13 years ago

We turned over a few £k since the launch of our store and have over 10,000 installs, so yes it is commercial use. Besides, as Ben points out, I am not the only one using it; several of our friends (and a lot of the community) use Ion Auth, and it has become the de facto standard like Redux used to be.

Not sure what your attitude is about, but try to keep the conversation constructive. A config option for this would be fine.