OSCommerce Product Manager

If we follow something like HMAC (Keyed-Hashing for Message Authentication), described in the RFC 2104, we should do:

MD5 (Password + Padding + MD5 (Password + Padding + Salt))

Anyway, as stated in that RFC: "periodic key refreshment is a fundamental security practice that helps against potential weaknesses of the function and keys". As the user most likelly will not change the password that often, we can add a brute-attack detection feature, so the script is blocked for a certain amount of time and for an IP address if it receives too many failed login attempts from that IP address. That should be a different feature request.

Not quite correct...

MD5 (Password XOR 0x5c-Padding + MD5 (Password XOR 0x36-Padding + Salt))

That is, pad the password with zeroes to get a 64 bytes string, XOR the padded password with a string of 0x36 of size 64 (the blocksize of MD5), concatenate it with the salt (the timestamp), then hash the whole string using MD5. Again, pad the password with zeroes, XOR the padded password with 64 0x5c, concatenate it with the previous result, and hash it with MD5.

In PHP5 there is an HMAC function. I think we will have to create our own to support PHP4.

Also, we are not authenticating the whole message, only login fragment. The HMAC idea is to authenticate and verify the integrity of the whole message. As we already have integrity verification measures, maybe later we should integrate this on that.

This bug is related to Bug #339.

We are using now:

MD5 (MD5 (Salt + Password))

Correcting, we are using
MD5 (MD5 (Salt + Password))
as minimal option in the implementation of FNopm_HashCredentials, but by default we ask FNopm_HashCredentials to do 100 iterative hashings in the form:

FOR CurIter := 1 TO Iterations DO
Credential := FNopm_MD5 (Credential + Salt);

We will close this one as deferred, as currently the security is good enough, better if the user uses SSL.