[wp-hackers] Should password hashing portability be configurable?

Otto otto at ottodestruct.com
Wed Nov 7 19:15:45 UTC 2012


On Wed, Nov 7, 2012 at 8:18 AM, Harry Metcalfe <harry at dxw.com> wrote:
> However, if that is not a consideration, it
> would surely be better for people to use bcrypt than MD5.

On Wed, Nov 7, 2012 at 1:06 PM, CloudPress Hosting
<cloudpresshosting at gmail.com> wrote:
> I'm not saying they should use the same salt for each user; I'm saying it
> should use sha256 for the hash, which I believe is supported by every
> version WordPress already supports.

To respond to both of these points: Actually, it doesn't make any real
difference. The underlying cryptographic hash function is pretty much
irrelevant to the concept of password storage.

When encrypting the passwords for storage, you're basically trying for
a very specific goal. The hash must be one-way computable, and it must
take time to crack via brute force, given the hash in advance. That
is, if somebody breaks into your data and gets the hashes, then
reversing them should be as difficult as possible.

- Salting makes it difficult for an attacker to pre-compute the hashes
for a large set of data. Essentially, it makes a password longer. The
salt itself is not secret, and is stored with the hash value.

- Stretching a hash means repeating the hash over and over again, for
many iterations. While repeating a hash a hundred times won't make any
significant speed difference to the login process, it does make the
password cracking process take 100 times longer since that much more
computation has to be used.

Both of these methods apply to *any* hashing scheme, when you are
hashing passwords, and these are where your real password security
comes into play. What choice you use for the hash algorithm itself
doesn't matter, since the attacker can run the same hash algorithm
too. Unless the hash algorithm is extremely slow, which they are
explicitly designed not to be, they are all pretty much equal. As long
as you can't run it backwards, it's fine for this use. MD5, SHA-1,
bcrypt, SHA-256, these are all basically equal for this purpose; their
differences come from other use-cases, not password hashing.

Cases where passwords have been stored in just a hash, for example
plain MD5, are overblown in the sense that it wouldn't make any
difference if the password was stored in plain bcrypt either. The
"plain" part is the issue, not the choice of hashing algorithm.

-Otto
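
Salting and stretching as the message describes them, as an added example that is not part of the original post and is not WordPress code. It uses PBKDF2-HMAC from Python's hashlib as the stretching construction; the record layout, function names and parameter values are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumed record layout (hypothetical, not WordPress's own format):
#   digest$iterations$salt_hex$hash_hex
# The salt is not secret; it is stored in the clear next to the hash.

def hash_password(password, digest="sha256", iterations=100_000, salt=None):
    """Salt and stretch a password, returning a self-describing record."""
    salt = os.urandom(16) if salt is None else salt  # fresh random salt per user
    dk = hashlib.pbkdf2_hmac(digest, password.encode("utf-8"), salt, iterations)
    return f"{digest}${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password, record):
    """Recompute with the stored digest, iteration count and salt, then compare."""
    digest, iterations, salt_hex, hash_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac(digest, password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), hash_hex)  # constant-time comparison

def needs_rehash(record, digest="sha256", iterations=100_000):
    """True when a stored record was made with weaker parameters than policy."""
    rec_digest, rec_iterations, _, _ = record.split("$")
    return rec_digest != digest or int(rec_iterations) < iterations

if __name__ == "__main__":
    # Constructed sample data: two users who picked the same password.
    alice = hash_password("correct horse")
    bob = hash_password("correct horse")
    print("records differ:", alice != bob)  # different salts, different records
    print("login ok:", verify_password("correct horse", alice))
    print("wrong password rejected:", not verify_password("battery staple", alice))
    # A record created under an older, cheaper policy is flagged for upgrade.
    legacy = hash_password("correct horse", digest="sha1", iterations=100)
    print("legacy needs rehash:", needs_rehash(legacy))
```

Because the digest and iteration count travel with each record, the work factor can be raised later and old records upgraded at the user's next successful login.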

