
Comments (5)

mimecorg avatar mimecorg commented on May 27, 2024

This custom class is based and fully compatible with phpass, which is used by major PHP applications, including WordPress. Although salted MD5 is not secure, the phpass algorithm uses password stretching to make generating the hash much more computationally expensive, and therefore more secure.

from webissues.

TAINCER avatar TAINCER commented on May 27, 2024

Stretching the password may be more secure, but is still not comparable with bcrypt, which is used in password_hash by default.

Also, the authors of phpass say on their own website not to use it unless the project requires < PHP 5.5, which is not the case here.

At this time, if your new project can afford to require PHP 5.5+, which it should, please use PHP's native password_hash() / password_verify() API instead of phpass.

I don't see the point in not using the native functions with a better hashing algorithm. The only downside would be that users have to re-enter/change their password one time. Given the gain in security, it's a no-brainer in my opinion. Although, this could be mitigated by using both - phpass and the native functions - for a short time: deprecating phpass and only using it to check passwords, but not to store new ones. When logging in, if the phpass check method returns false, also check with the password_verify function. Also, notify the users in the client to re-enter their password to use the better hashing algorithm. And eventually, remove phpass completely in a few releases.

I also don't know, if WordPress is the best Password Security Benchmark for this. They also don't use the Vanilla phpass library. They modified it to use 8192 iterations when hashing. Frameworks like Drupal 7 changed phpass to use SHA-512. (Ref)

It is not hard to crack a password generated with phpass; there are multiple tools, like hashcat, that have support for this exact hash type, cracking simple passwords in 1-10 seconds and more complex ones in a few minutes. No hashing algorithm is perfect, but this is just too fast and renders the hashing itself obsolete.

I would fork this anyway and implement it in such a way since we plan on using this tool. I can open a PR regarding this if wanted.


mimecorg avatar mimecorg commented on May 27, 2024

You're welcome to open a PR. I have nothing against using password_hash as long as the current hashes continue to work - they can be updated automatically when the user logs in.


TAINCER avatar TAINCER commented on May 27, 2024

I can only think of two solutions for this problem since it's not possible to rehash the old md5 hash with bcrypt:

  • Accept the md5 for checking the password, so the users can still log in and set passwd_temp for everyone to true so that they can enter a new password or the same that gets hashed with bcrypt.
  • Accept the md5 for checking the password, but display a warning alert, describing that it's recommended to change the password if it's not encrypted with bcrypt.

In both cases, only the md5 methods for checking the password would still be present. Everything with generating new hashes would be handled by password_hash with bcrypt.


mimecorg avatar mimecorg commented on May 27, 2024

They don't have to enter a new password. When a user logs in and the password is validated using phpass, it can be automatically hashed using password_hash and updated in the database.

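The transparent upgrade described in the last comment (verify a legacy phpass hash, and if it matches, immediately store a bcrypt hash via password_hash while the plaintext is still in hand), as an added example that is not WebIssues' own code. The phpass portable-hash check is re-implemented here from the public `$P$`/`$H$` format so the block runs stand-alone; the function names, the `['ok', 'newHash']` result shape and the sample salt are assumptions for this example, and the caller is assumed to write `newHash` back to the user's row whenever it is non-null.

```php
<?php
// Alphabet phpass uses for the iteration-count character and its base-64 variant.
const PHPASS_ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

// phpass-style base-64 encoding of the first $count raw bytes of $input.
function phpassEncode64(string $input, int $count): string
{
    $output = '';
    $i = 0;
    do {
        $value = ord($input[$i++]);
        $output .= PHPASS_ITOA64[$value & 0x3f];
        if ($i < $count) {
            $value |= ord($input[$i]) << 8;
        }
        $output .= PHPASS_ITOA64[($value >> 6) & 0x3f];
        if ($i++ >= $count) {
            break;
        }
        if ($i < $count) {
            $value |= ord($input[$i]) << 16;
        }
        $output .= PHPASS_ITOA64[($value >> 12) & 0x3f];
        if ($i++ >= $count) {
            break;
        }
        $output .= PHPASS_ITOA64[($value >> 18) & 0x3f];
    } while ($i < $count);
    return $output;
}

// Recompute a phpass portable hash for $password under the setting carried in
// $setting (3-char id, 1 count character, 8-char salt). Iterated salted MD5,
// as phpass does it. Returns null when $setting is not a portable hash.
function phpassCrypt(string $password, string $setting): ?string
{
    $id = substr($setting, 0, 3);
    if (($id !== '$P$' && $id !== '$H$') || strlen($setting) < 12) {
        return null;
    }
    $countLog2 = strpos(PHPASS_ITOA64, $setting[3]);
    if ($countLog2 === false || $countLog2 < 7 || $countLog2 > 30) {
        return null;
    }
    $count = 1 << $countLog2;
    $salt = substr($setting, 4, 8);
    $hash = md5($salt . $password, true);
    do {
        $hash = md5($hash . $password, true);
    } while (--$count);
    return substr($setting, 0, 12) . phpassEncode64($hash, 16);
}

function isPhpassHash(string $hash): bool
{
    $id = substr($hash, 0, 3);
    return $id === '$P$' || $id === '$H$';
}

// Verify $password against whatever is stored. A non-null 'newHash' in the
// result means the caller must persist it now: this is the upgrade-on-login.
function verifyAndUpgrade(string $password, string $storedHash): array
{
    if (isPhpassHash($storedHash)) {
        $recomputed = phpassCrypt($password, $storedHash);
        if ($recomputed === null || !hash_equals($storedHash, $recomputed)) {
            return ['ok' => false, 'newHash' => null];
        }
        // Legacy hash matched: replace it with bcrypt (PASSWORD_DEFAULT).
        return ['ok' => true, 'newHash' => password_hash($password, PASSWORD_DEFAULT)];
    }
    if (!password_verify($password, $storedHash)) {
        return ['ok' => false, 'newHash' => null];
    }
    // Already native: rehash only if the algorithm or cost is out of date.
    $newHash = password_needs_rehash($storedHash, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT)
        : null;
    return ['ok' => true, 'newHash' => $newHash];
}

// Demo with a constructed legacy record: "$P$B" is the WordPress setting
// (2^13 = 8192 iterations); the salt "abcdefgh" is made up for this example.
$legacy = phpassCrypt('correct horse', '$P$Babcdefgh');

$r = verifyAndUpgrade('correct horse', $legacy);
echo ($r['ok'] && substr($r['newHash'], 0, 4) === '$2y$')
    ? "legacy login accepted, hash upgraded to bcrypt\n" : "FAIL\n";

$r2 = verifyAndUpgrade('correct horse', $r['newHash']);
echo ($r2['ok'] && $r2['newHash'] === null)
    ? "bcrypt login accepted, no rewrite needed\n" : "FAIL\n";

$r3 = verifyAndUpgrade('wrong password', $legacy);
echo (!$r3['ok'] && $r3['newHash'] === null)
    ? "wrong password rejected, stored hash untouched\n" : "FAIL\n";
```

Because the legacy branch only ever verifies and never produces new phpass hashes, the share of `$P$` rows shrinks with each login; the remaining ones can be handled later by forcing a password reset (the `passwd_temp` route mentioned above), after which the phpass code path can be deleted. `hash_equals` is used for the legacy comparison so that the check does not leak timing information about the stored hash.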
