Hello,
This isn't a question but rather a comment. I'm not sure if this is the right list to bring this up. I just noticed that Drupal stores user passwords as a simple MD5 sum: md5($password)
Sure, MD5(passwd) clearly beats plain text, but I was hoping for something better. In particular, I was hoping to see secure salts and maybe other security features. The current system has vulnerabilities. You can compute the hashes for a standard dictionary of passwords and compare the hashes. Some passwords are very common ("password" and "password1"). I just tried it on my system and I found 6 users whose password is password. Because MD5 is a very cheap function and there are no salts, a dictionary attack is quite easy.
I understand that there are already millions of Drupal users and you can't drop MD5(pass). But I can still suggest a simple upgrade path that results in a secure hash. A future version of Drupal (e.g. Drupal 7) could use a hash of the form:
$salt = "uqYmV7yoUFYLQ5AspBK"; // Site-wide constant; anything long and random is fine.
$hash = hash_hmac('sha1', md5($passwd), $user_id . $salt); // HMAC key = per-user salt ($user_id . $salt); message = the existing md5 of the password
There, simple. The last parameter is the key, but we only use it as a salt. Notice how each user gets a different salt. This makes dictionary attacks more difficult. I use HMAC rather than SHA1 because it has great key-mixing properties. With SHA1 the salt ($user_id.$salt) would have important weaknesses.
If a future version of Drupal used this hash, it would be easy to migrate users from previous versions of Drupal. The upgrade.php program would grab the password field - MD5(pass) - and user id of each user, compute the new hash, and store that back into the password field.
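The migration and the login check described above, written out as a Python example added here (it is not code from this post or from Drupal). It reuses the post's placeholder salt, assumes the PHP md5() hex-string output is what gets fed into the HMAC, and the user table is constructed.

```python
import hashlib
import hmac

# Site-wide secret; the post's own placeholder value. Anything long and random is fine.
SITE_SALT = "uqYmV7yoUFYLQ5AspBK"


def legacy_hash(password: str) -> str:
    """What Drupal stores today: a bare md5($password), as a hex string."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def upgraded_hash_from_legacy(legacy_md5: str, user_id: int) -> str:
    """The upgrade.php step: wrap the stored md5 in HMAC-SHA1 keyed with
    $user_id . $salt. Only the stored hash is needed, never the plaintext."""
    key = (str(user_id) + SITE_SALT).encode("utf-8")
    return hmac.new(key, legacy_md5.encode("utf-8"), hashlib.sha1).hexdigest()


def upgraded_hash(password: str, user_id: int) -> str:
    """Hash computed at login time from the submitted password."""
    return upgraded_hash_from_legacy(legacy_hash(password), user_id)


def verify(password: str, user_id: int, stored: str) -> bool:
    """Login check against the migrated hash, using a constant-time compare."""
    return hmac.compare_digest(upgraded_hash(password, user_id), stored)


def migrate(password_table: dict) -> dict:
    """Rewrite a {user_id: md5_hex} table into {user_id: hmac_sha1_hex}."""
    return {uid: upgraded_hash_from_legacy(h, uid) for uid, h in password_table.items()}


if __name__ == "__main__":
    # Constructed table: two users with the same weak password.
    users = {1: legacy_hash("password"), 2: legacy_hash("password")}
    migrated = migrate(users)
    print("legacy hashes identical:", users[1] == users[2])
    print("migrated hashes identical:", migrated[1] == migrated[2])
    print("user 1 login ok:", verify("password", 1, migrated[1]))
```

With the bare md5 both users' rows are identical; after migration they differ, so a single precomputed hash no longer matches more than one account.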
For brownie points we could add another step that runs the hash through a slower compression algorithm like Blowfish or Serpent. The idea is that if computing a hash is more expensive, we can foil dictionary attacks more effectively.
What do you think?
Daniel.