OSCommerce Product Manager

OSCommerce Product Manager for Windows

FS#301 - Improve password hashing sent to server-side script.

Attached to Project: OSCommerce Product Manager
Opened by Mario A. Valdez-Ramirez (mvaldez) - Sunday, 04 December 2005, 09:57 GMT-6
Last edited by Mario A. Valdez-Ramirez (mvaldez) - Sunday, 15 July 2007, 17:48 GMT-6
Task Type Bug Report
Category Backend / Core
Status Closed
Assigned To Mario A. Valdez-Ramirez (mvaldez)
Operating System All
Severity Medium
Priority High
Reported Version any
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Currently the application sends the hashed (password + timestamp). The timestamp is set by the client and is sent in the clear.

We set the salt client-side to avoid a full round-trip asking the server for a salt.

We could do this:

MD5 (MD5 (Salt + Password))

and not this:

MD5 (Salt + Password)

If the server could set the salt, we could use:

MD5 (MD5 (Salt + MD5 (Password)))

Closed by Mario A. Valdez-Ramirez (mvaldez)
Sunday, 15 July 2007, 17:48 GMT-6
Reason for closing:  
Comment by Mario A. Valdez-Ramirez (mvaldez) - Monday, 14 May 2007, 06:32 GMT-6
If we follow something like HMAC (Keyed-Hashing for Message Authentication), described in RFC 2104, we should do:

MD5 (Password + Padding + MD5 (Password + Padding + Salt))

Anyway, as stated in that RFC: "periodic key refreshment is a fundamental security practice that helps against potential weaknesses of the function and keys". As the user most likely will not change the password that often, we can add a brute-attack detection feature, so the script is blocked for a certain amount of time and for an IP address if it receives too many failed login attempts from that IP address. That should be a different feature request.
Comment by Mario A. Valdez-Ramirez (mvaldez) - Monday, 14 May 2007, 06:57 GMT-6
Not quite correct...

MD5 (Password XOR 0x5c-Padding + MD5 (Password XOR 0x36-Padding + Salt))

That is, pad the password with zeroes to get a 64-byte string, XOR the padded password with a string of 0x36 of size 64 (the blocksize of MD5), concatenate it with the salt (the timestamp), then hash the whole string using MD5. Again, pad the password with zeroes, XOR the padded password with 64 0x5c, concatenate it with the previous result, and hash it with MD5.

In PHP5 there is an HMAC function. I think we will have to create our own to support PHP4.

Also, we are not authenticating the whole message, only the login fragment. The HMAC idea is to authenticate and verify the integrity of the whole message. As we already have integrity verification measures, maybe later we should integrate this into that.
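The construction described in the comment above, written out as an added example that is not part of the original comment or the project's code. The function name opm_example_hmac_md5 and the sample passwords and timestamps are hypothetical, and PHP 7.1 or later is assumed. The check against hash_hmac() also covers a case the comment does not mention: RFC 2104 hashes a key longer than the block size before padding it.

```php
<?php
// Added example, not OSCommerce Product Manager code.
const MD5_BLOCK = 64; // MD5 block size in bytes

// HMAC-MD5 built by hand: the password is the key, the salt is the message.
function opm_example_hmac_md5(string $password, string $salt): string
{
    // RFC 2104 edge case: a key longer than one block is hashed first.
    if (strlen($password) > MD5_BLOCK) {
        $password = md5($password, true);
    }
    $key   = str_pad($password, MD5_BLOCK, "\x00");  // zero-pad to 64 bytes
    $ipad  = $key ^ str_repeat("\x36", MD5_BLOCK);   // bytewise string XOR
    $opad  = $key ^ str_repeat("\x5c", MD5_BLOCK);
    $inner = md5($ipad . $salt, true);               // raw 16-byte digest
    return md5($opad . $inner);                      // hex digest
}

// Constructed sample inputs (not taken from the project).
$cases = [
    ['Jefe', 'what do ya want for nothing?'],        // RFC 2202 test case 2
    ['example-password', '20070514065700'],          // timestamp used as salt
    [str_repeat('k', 80), '20070514065700'],         // key longer than one block
];

foreach ($cases as [$password, $salt]) {
    $manual  = opm_example_hmac_md5($password, $salt);
    $builtin = hash_hmac('md5', $salt, $password);   // built-in, PHP >= 5.1.2
    $status  = hash_equals($builtin, $manual) ? 'match' : 'MISMATCH';
    printf("%s  %s\n", $manual, $status);
}

// Server side: compare the received credential in constant time.
$expected = opm_example_hmac_md5('example-password', '20070514065700');
$received = $expected; // constructed: stands in for the value the client sent
var_dump(hash_equals($expected, $received));
```

The raw-output argument of md5() exists only from PHP 5.0; on PHP 4 the inner digest would have to be converted with pack('H*', md5(...)) instead.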
Comment by Mario A. Valdez-Ramirez (mvaldez) - Monday, 14 May 2007, 07:12 GMT-6
This bug is related to Bug #339.
Comment by Mario A. Valdez-Ramirez (mvaldez) - Sunday, 15 July 2007, 02:11 GMT-6
We are now using:

MD5 (MD5 (Salt + Password))

Comment by Mario A. Valdez-Ramirez (mvaldez) - Sunday, 15 July 2007, 03:57 GMT-6
Correcting, we are using
MD5 (MD5 (Salt + Password))
as minimal option in the implementation of FNopm_HashCredentials, but by default we ask FNopm_HashCredentials to do 100 iterative hashings in the form:

FOR CurIter := 1 TO Iterations DO
  Credential := FNopm_MD5 (Credential + Salt);
Comment by Mario A. Valdez-Ramirez (mvaldez) - Sunday, 15 July 2007, 17:48 GMT-6
We will close this one as deferred, as currently the security is good enough, better if the user uses SSL.
