[support] Passwords in Drupal

[Daniel Carrera]

Hello,

This isn't a question but rather a comment. I'm not sure if this is the 
right list to bring this up. I just noticed that Drupal stores user 
passwords as a simple MD5 sum: md5($password)


Sure, MD5(passwd) clearly beats plain text, but I was hoping for 
something better. In particular, I was hoping to see secure salts and 
maybe other security features. The current system has vulnerabilities. 
You can compute the hashes for a standard dictionary of passwords and 
compare the hashes. Some passwords are very common ("password" and 
"password1"). I just tried it on my system an I found 6 users whose 
password is password. Because MD5 is a very cheap function and there are 
no salts, a dictionary attack is quite easy.


I understand that there are already millions of Drupal users and you 
can't drop MD5(pass). But I can still suggest a simple upgrade path that 
results in a secure hash. A future version of Drupal (e.g. Drupal 7) 
could use a hash of the form:


$salt = "uqYmV7yoUFYLQ5AspBK";  // Anything long and random is fine.

$hash = hash_hmac('sha1', md5($passwd), $user_id . $salt);


There, simple. The last parameter the key, but we only use it as a salt. 
Notice how each user gets a different salt. This makes dictionary 
attacks more difficult. I use HMAC rather than SHA1 because it has great 
key-mixing properties. With SHA1 the salt ($user_id.$salt) would have 
important weaknesses.

If a future version of Drupal used this hash, it would be easy to 
migrate users from previous versions of Drupal. The upgrade.php program 
would grab the password field - MDF(pass) - and user id of each user, 
compute the new hash, and store that back into the password field.

For brownie points we could add another step that runs the hash through 
a slower compression algorithm like Blowfish or Serpent. The idea is 
that if computing a hash is more expensive, we can foil dictionary 
attacks more effectively.

What do you think?

Daniel.