OSCommerce Product Manager for Windows
FS#301 - Improve password hashing sent to server-side script.
Attached to Project: OSCommerce Product Manager
Opened by Mario A. Valdez-Ramirez (mvaldez) - Sunday, 04 December 2005, 09:57 GMT-6
Last edited by Mario A. Valdez-Ramirez (mvaldez) - Sunday, 15 July 2007, 17:48 GMT-6
Details
Currently the application sends the hashed (password + timestamp). The timestamp is set by the client and is sent in the clear.
We set the salt client-side to avoid a full round-trip asking the server for a salt. We could do this:
MD5 (MD5 (Salt + Password))
and not this:
MD5 (Salt + Password)
If the server could set the salt, we could use:
MD5 (MD5 (Salt + MD5 (Password)))
MD5 (Password + Padding + MD5 (Password + Padding + Salt))
Anyway, as stated in that RFC: "periodic key refreshment is a fundamental security practice that helps against potential weaknesses of the function and keys". As the user most likely will not change the password that often, we can add a brute-attack detection feature, so the script is blocked for a certain amount of time and for an IP address if it receives too many failed login attempts from that IP address. That should be a different feature request.
MD5 (Password XOR 0x5c-Padding + MD5 (Password XOR 0x36-Padding + Salt))
That is, pad the password with zeroes to get a 64-byte string, XOR the padded password with a string of 0x36 of size 64 (the blocksize of MD5), concatenate it with the salt (the timestamp), then hash the whole string using MD5. Again, pad the password with zeroes, XOR the padded password with 64 0x5c, concatenate it with the previous result, and hash it with MD5.
In PHP5 there is an HMAC function. I think we will have to create our own to support PHP4.
Also, we are not authenticating the whole message, only the login fragment. The HMAC idea is to authenticate and verify the integrity of the whole message. As we already have integrity verification measures, maybe later we should integrate this into that.
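The construction described in the comment above, written out with md5() alone so it does not depend on PHP 5's HMAC function. This is an added example, not code from OSCommerce Product Manager: the `example_*` function names and the sample password and timestamp are assumptions, and it goes one step beyond the description by hashing keys longer than 64 bytes first, as RFC 2104 specifies.

```php
<?php
// Added example, not OSCommerce Product Manager code; example_* names are hypothetical.

// HMAC-MD5 built from md5() alone, following the steps described above.
function example_hmac_md5($key, $message)
{
    $block = 64;                                    // MD5 block size in bytes
    if (strlen($key) > $block) {
        $key = pack('H*', md5($key));               // RFC 2104: hash over-long keys first
    }
    $key   = str_pad($key, $block, chr(0));         // zero-pad the key to one block
    $ipad  = $key ^ str_repeat(chr(0x36), $block);  // byte-wise XOR with 0x36
    $opad  = $key ^ str_repeat(chr(0x5c), $block);  // byte-wise XOR with 0x5c
    $inner = pack('H*', md5($ipad . $message));     // inner digest as 16 raw bytes
    return md5($opad . $inner);                     // outer digest, hex encoded
}

// Server-side check: recompute the MAC and compare without an early exit.
function example_verify_login($password, $salt, $received)
{
    $expected = example_hmac_md5($password, $salt);
    if (strlen($received) !== strlen($expected)) {
        return false;
    }
    $diff = 0;
    for ($i = 0; $i < strlen($expected); $i++) {
        $diff |= ord($expected[$i]) ^ ord($received[$i]);
    }
    return $diff === 0;
}

// Self-check against RFC 2202 test case 2 for HMAC-MD5.
$rfc = example_hmac_md5('Jefe', 'what do ya want for nothing?');
echo ($rfc === '750c783e6ab0b503eaa86e310a5db738') ? "RFC 2202 vector: ok\n" : "RFC 2202 vector: MISMATCH\n";

// Where PHP 5's hash_hmac() exists, both implementations must agree.
if (function_exists('hash_hmac')) {
    echo ($rfc === hash_hmac('md5', 'what do ya want for nothing?', 'Jefe')) ? "hash_hmac: same\n" : "hash_hmac: DIFFERENT\n";
}

// Constructed sample values: the password is the key, the client timestamp is the salt.
$password = 'constructed-sample-password';
$salt     = '20051204095700';
$sent     = example_hmac_md5($password, $salt);   // value the client would transmit
var_dump(example_verify_login($password, $salt, $sent));
var_dump(example_verify_login('wrong-password', $salt, $sent));
```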
MD5 (MD5 (Salt + Password))
as the minimal option in the implementation of FNopm_HashCredentials, but by default we ask FNopm_HashCredentials to do 100 iterative hashings in the form:
FOR CurIter := 1 TO Iterations DO
  Credential := FNopm_MD5 (Credential + Salt);