I love Ion Auth except for the fact that it uses single-iteration sha1 hashing when it stores passwords.
Why is single MD5, SHA1, SHA256, SHA512, SHA-3 hashing bad?
1) Because it's so fast. A modern server can calculate the MD5 hash of about 330MB every second. If your users have passwords which are lowercase, alphanumeric, and 6 characters long, you can try every single possible password of that size in around 40 seconds. sha1 is about the same speed. And that’s without investing anything. If you’re willing to spend about 2,000 USD and a week or two picking up CUDA, you can put together your own little supercomputer cluster which will let you try around 700,000,000 passwords a second. At that rate you’ll be cracking those passwords at the rate of more than one per second.
2) Salts Will Not Help You - It’s important to note that salts are useless for preventing dictionary attacks or brute force attacks. A salt doesn’t affect how fast an attacker can try a candidate password, given the hash and the salt from your database. Salt or no, if you’re using a general-purpose hash function designed for speed you’re well and truly effed.
3) SHA-1 is being retired for most government uses; the U.S. National Institute of Standards and Technology says, "Federal agencies should stop using SHA-1 for...applications that require collision resistance as soon as practical, and must use the SHA-2 family of hash functions for these applications after 2010".
What to do?
Use bcrypt. Actually, use PHP's bcrypt implementation: the crypt function (there are several different options; the best ones would be crypt_sha256, crypt_sha512 or crypt_blowfish). IMHO, I'd go for crypt_sha512.
Why is it better?
Because it introduces a work factor, which allows you to determine how expensive the hash function will be. Because of this, bcrypt can keep up with Moore’s law. As computers get faster you can increase the work factor and the hash will get slower.
How much slower is bcrypt than, say, MD5? Depends on the work factor. Using a work factor of 12, bcrypt hashes the password yaaa in about 0.3 seconds on my laptop. MD5, on the other hand, takes less than a microsecond. So we’re talking about 5 or so orders of magnitude. Instead of cracking a password every 40 seconds, I'd be cracking them every 12 years or so. Your passwords might not need that kind of security and you might need a faster comparison algorithm, but bcrypt allows you to choose your balance of speed and security. Use it.
How to add it to Ion Auth? Easy. (Read the PHP crypt function manual first.)
- In the Ion Auth config file, set hash length to 16 (for the crypt_sha512 variant).
- Use your weapon of choice (phpMyAdmin) to modify the SQL schema. The password field has to be extended from 40 to 123 characters.
- Modify the following functions in the Ion Auth model:
[code]function hash_password_db
function hash_password[/code]
Instead of the sha1 functions, use something like this:
[code]return crypt($password, $salt);[/code]
where the $salt variable has to be in the following format (thanks, PHP):
[code] $id$rounds=number$actualsalt[/code]
where:
[b]id[/b] - type of hashing (1 for md5, 2a for blowfish, 6 for sha512, etc.)
[b]rounds[/b] - CPU load, number of iterations. The higher the number, the higher the CPU requirements. That's what makes it really hard to break. Can be any number from 1000 to 999,999,999. Default 5000.
[b]actualsalt[/b] - the salt, obviously 16 characters
So - for example:
[code]return crypt($password, '$6$rounds=6000$'.$salt.'$');[/code]
You can use phpMyAdmin again to add the first user:
[b]username[/b]: any
[b]password[/b]: password
[b]salt[/b] (16 chars): aaaaaaaaaaaaaaaa
[b]hash[/b] (if 6000 iterations and crypt_sha512): $6$rounds=6000$aaaaaaaaaaaaaaaa$DIu5Q9s6kgfnxcDQPZZ/Xt6T5gar0eBbZShHRWp.aHbBO5nskNc2U1I6YX5aJD6GnKh43i/9EVxV2L5.jrQsw0
Yes - that entire thing is a hash, starting from $6$ and ending in Qsw0.
I like Ion Auth more than any library out there for CI and I think that this should be added to it instead of the default sha1 mechanism.
Hope this helps.
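The hashing and login-check steps described in the post, as an added example that is not part of the original post and is not Ion Auth's own code. The function names and the ROUNDS constant are hypothetical, and PHP 7 or later is assumed for random_bytes().

```php
<?php
// Added example: hash_password_sha512(), verify_password_sha512() and ROUNDS
// are hypothetical names, not Ion Auth's API.

const ROUNDS = 6000; // work factor from the post's example; raise it as hardware gets faster

// Hash a new password with a fresh random 16-character salt.
function hash_password_sha512(string $password): string
{
    // 8 random bytes -> 16 hex characters, all valid in crypt()'s salt alphabet.
    $salt = bin2hex(random_bytes(8));
    $hash = crypt($password, '$6$rounds=' . ROUNDS . '$' . $salt . '$');

    // On failure crypt() returns a short "*0"/"*1" marker instead of a hash.
    if (strncmp($hash, '$6$', 3) !== 0) {
        throw new RuntimeException('crypt() did not return a SHA-512 hash');
    }
    return $hash;
}

// Check a login attempt against the hash stored in the password column.
function verify_password_sha512(string $password, string $stored): bool
{
    // Refuse anything that is not a SHA-512 crypt string,
    // e.g. a legacy 40-character sha1 hex digest.
    if (strncmp($stored, '$6$', 3) !== 0) {
        return false;
    }
    // Passing the stored hash as the salt argument makes crypt() reuse
    // the id, rounds and salt that are embedded in it.
    $candidate = crypt($password, $stored);

    // hash_equals() compares in constant time, so the comparison itself
    // does not leak how many leading characters matched.
    return hash_equals($stored, $candidate);
}

// Constructed sample values, for demonstration only.
$stored = hash_password_sha512('password');
var_dump(strlen($stored));                               // size the DB column to fit this
var_dump(verify_password_sha512('password', $stored));   // correct password
var_dump(verify_password_sha512('Password', $stored));   // wrong password
var_dump(verify_password_sha512('password', sha1('password'))); // legacy sha1 row is rejected
```

Because the id, rounds and salt are stored inside the hash string itself, increasing ROUNDS later only affects newly created hashes; existing rows keep verifying with the rounds they were created with.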