Closed skcin closed 4 years ago
Comment by grctest Thursday Apr 06, 2017 at 00:35 GMT
Tried to get IBM's cybersecurity division aware of this issue, no response yet.
Comment by grctest Wednesday Apr 12, 2017 at 10:51 GMT
In the mean time, a new project could completely block the use of username+password, in favour of using oAuth since it's somewhat supported by the BOINC web server & instruct users to add hosts to their account via their weak auth key.
Advantages:
Disadvantages:
Comment by tomasbrod Wednesday Apr 12, 2017 at 16:03 GMT
I suppor this! anything is better than MD5. Switching to BCrypt can even be done without a mandatory update. Tell mi if I should elaborate.
When BOINC account security changes in a way that requires mandatory upgrade then definitely Secure Remote Password or equivalent should be considered. It provides strong security even with weak and reused passwords. You could safely use the same password with multiple projects. http://srp.stanford.edu/ (the javascript demo is outdated, better impl exists)
Comment by grctest Wednesday Apr 12, 2017 at 16:41 GMT
Tell me if I should elaborate.
Please, go ahead. The migration involves ~4million accounts, it's a pretty daunting task.
Comment by tomasbrod Friday Apr 14, 2017 at 12:10 GMT
Well you let the users login using the old method but continuously nag them to change their password. Once they do, the new password is encrypted in the new format and no logins from old clients is allowed. Maybe add a checkbox that says "do you agree... update boinc required..." to be nice. The database just needs extra column to accomodate new password format. Even SRP could be implemented this way. SRP in boinc client requires OpenSSL. SPR for web login requires javascript library OR boinc manager to provide authentication token.
Edit: https://github.com/RuslanZavacky/srp-6a-demo Also: http://dev.minetest.net/Network_Protocol#Authentication
Issue by grctest Thursday Feb 02, 2017 at 12:27 GMT Originally opened as https://github.com/Erkan-Yilmaz/Gridcoin-tasks/issues/78
The current BOINC password hashing mechanism is quite insecure, migrating BOINC to a far more secure password hashing mechanism (such as Bcrypt/Argon2i/Other) is a good idea in the (hopefully near) future.
The change may require a mandatory upgrade of BOINC clients (which may be a nightmare for the BOINC community, as many do not upgrade their BOINC clients).
Perhaps a foundation-funded bounty would help get this improvement implemented sooner?
https://github.com/BOINC/boinc/issues/1644#issuecomment-272883362
https://github.com/grctest/project-rain-site/issues/9
Argon2i would require an upgrade of PHP from 5.x to 7.x https://github.com/grctest/project-rain-site/issues/10