Difference between revisions of "Proposals/Done/Improve Password Storage"
From Mahara Wiki
< Proposals | Done
(One intermediate revision by the same user not shown) | |||
Line 12: | Line 12: | ||
The layout this page suggests is: | The layout this page suggests is: | ||
+ | * Add a database upgrade script that changes all existing password hashs to sha512(newsalt + oldhash) | ||
* On login, check whether it is using the new hash technique, if so use that | * On login, check whether it is using the new hash technique, if so use that | ||
− | ** Otherwise, | + | ** Otherwise, try to login using sha512(salt + sha1(salt . password)) |
+ | ** If successful change the password to use the new technique (user doesn't need any input except for initial password to log in, and maybe a small pause). Next time they can use the new technique. | ||
A note about bulk uploads: | A note about bulk uploads: | ||
− | When uploading a CSV to create users, we don't really want to spend a large amount of time hashing passwords. Because of this I would suggest using the | + | When uploading a CSV to create users, we don't really want to spend a large amount of time hashing passwords. Because of this I would suggest using the sha512(salt + sha1(salt . password) technique, and on next login this will change. |
+ | |||
+ | Also, a suggestion was made to use a parameter such as passwordsaltmain like moodle. | ||
+ | |||
+ | |||
+ | Also see http://docs.moodle.org/20/en/Password_salting |
Revision as of 16:59, 14 November 2011
This is a brief overview on how to improve the password storage in Mahara.
This is only for user passwords stored in the usr table.
Currently, these passwords are stored as a sha1 of the salt concatenated with the password (PHP sha1($salt . $password)). The salt is generated as $salt = substr(md5(rand(1000000, 9999999)), 2, 8);
A suggestion was made to improve the storage of these passwords by using a stronger algorithm. See https://bugs.launchpad.net/mahara/+bug/843568
The algorithm in question is bcrypt or CRYPT_BLOWFISH (available on PHP 5.3+, and below if it is available on the OS level).
The layout this page suggests is:
- Add a database upgrade script that changes all existing password hashs to sha512(newsalt + oldhash)
- On login, check whether it is using the new hash technique, if so use that
- Otherwise, try to login using sha512(salt + sha1(salt . password))
- If successful change the password to use the new technique (user doesn't need any input except for initial password to log in, and maybe a small pause). Next time they can use the new technique.
A note about bulk uploads:
When uploading a CSV to create users, we don't really want to spend a large amount of time hashing passwords. Because of this I would suggest using the sha512(salt + sha1(salt . password) technique, and on next login this will change.
Also, a suggestion was made to use a parameter such as passwordsaltmain like moodle.