[TYPO3-core] RFC #13754: Secure Install Tool Login

Thu Mar 11 00:38:46 CET 2010

Marcus Krause schrieb:
> Then, keeping that in mind, could you please outline why to use SHA-256
> instead of SHA-1. SHA-1 method in PHP is available with 4.3.0+. SHA-256
> requires ext/hash (enabled by default with 5.1.2+)

SHA-1 and MD5 aswell already got known methods for attacking - both have 
known, usable collisions and known methods for preimage attacks. As a 
said, they don't apply to password security a the moment - but if the 
algorithm is already broken, it's only a matter of time, till the rest 
is unsafe too).

According to http://typo3.org/download/packages/, the only Version not 
requiring PHP 5.1.x+ is 4.1, but the maintenance will end in around 
three months. I see no use in switching to an alreay broken, weak hash 
algorithm if we simply just can wait a bit and do the it "right" then.

> So stay with MD5?

For the moment, yes - switching to SHA-1 won't help. Security of the 
hash is basicaly the same and we have no profit by having a greater 
amount of possible hashes.

>> [...] but all that extra time is worth nothing if the
>> attacker simply uses a pre rendered rainbow table [...]
> 
> That qualifies for using a salted password. (useless pre-rendered
> rainbow table).

Yes, using a salted password will increase the security of the hash 
drasticaly but it still wont increase the security if we stay with the 
"stupid passwords" problem.

> You probably won't run dictionary attacks when having the hash;

By dictionary attack i don't meant brute forcing the login, i meant 
creating a hash table by using a dictionary - this takes about "a day" 
for the mentioned example passwords to create a new table.

Salted passwords only increase the security if you want to protect many 
passwords since the attacker needs to run his hash table generator with 
every single salt.

If it's the goal to attack just one single password, neither a salt nor 
a stronger hash wont help anything if the password is stupid.

If the password is already strong, it also does not matter if the hash 
is strong or salted (if we ignore hash based security issues like 
preimage attacks).

> After all, I'm unsure what you're suggesting with your mail!

To sum up my suggestion:

- Switch to SHA-256 (unsalted) as soon as the support for 4.1 runs out 
and PHP 5.1.x is a requirement (but keep in mind that this won't improve 
the security currently but might be safer for the future, since there is 
no known collision for SHA-256)

- Don't salt the password, since it won't significantly improve the 
security of a single password.

- Add a random install tool password generator wich generates very 
cryptic, long and strong passwords.

- Print a warning, if the entered password (at login or at creation?) is 
very short or does not use any character besides A-Za-z0-9.

Well, maybe i really should think of a patch if i got time ;)