Dropping MD5 for sha(1)

Forum Moderators: phranque

Message Too Old, No Replies

Dropping MD5 for sha(1)

What are the best practices?

mack

12:56 am on Jan 13, 2014 (gmt 0)

One of my websites has a members area where user passwords are stored in the MD5 format. In recent times it has become more and more obvious that MD5 is no longer a secure option.

What in your opinion are the best practices for changing to a more secure form of encryption?

My though is to create a new login script that will first try to log the user in by converting the password to sha(1) then comparing it to the record we have in the db. If that fails, fall back to MD5 and again do a check. If this results in a successful login convert the password provided by user to sha(1) and update the db accordingly.

Is there a preferred option for carrying out this process?

Mack.

bill

5:42 am on Jan 22, 2014 (gmt 0)

I thought the problem with MD5 was the possibility of creating duplicates that might collide. I don't think it was necessarily insecure for storing passwords. However, one of the SHA variants should be good if you'd prefer something else..

GoNC

10:22 am on Jan 23, 2014 (gmt 0)

I'm not familiar with SHA, but I just dealt with md5() on passwords while converting an old vBulletin site to our system. Man, what a pain!

I use a base64 encryption in PHP, which I like better. I have my user database set to store the sign up date, so every month I generate a new key, and use the decryption key based on the month and year they signed up. This works pretty well; even if my whole system were compromised, they would only be able to break in to the accounts of the newest users.

If you would like me to send you the base64 encryption script I use, just let me know.

Either way, if I were you I'd set up a Boolean column in the user table, with everyone set to 0 by default. When they log in, check the boolean, and if it's 0 then run the converting script and update the boolean to 1.

henry0

2:30 pm on Jan 23, 2014 (gmt 0)

Don't use sha1 as flows were found in it. (Cannot remember where I read about it)
I used SHA-2 with 256 bit, you could also use 512 bit.
it works perfectly and is tougher to crack than md5()
Well..., it will take a much longer time :)

mack

1:08 am on Jan 29, 2014 (gmt 0)

Thank you for the replies...

I was under the impression that md5 had been compromised, having read your views I think I may be safe to stick with it for a while.

I will however be putting in place a "plan" to enable a changeover.. if and when it is required.

Mack.

brotherhood of LAN

1:21 am on Jan 29, 2014 (gmt 0)

Of all the hashing functions, bcrypt is one I see recommended the most, as it's more computationally expensive to compute and therefore harder to brute force.

MD5 isn't compromised as such, but if you're not using a (long/complex) salt on the passwords then it becomes a lot easier to crack the encrypted passwords by brute force. With no salt, obvious passwords are brute forced easily while a non-complex salt could be brute forced itself first due to simple passwords being prevalent.

Everything can be brute forced, it just depends on how long the attacker is willing to wait to get the data.

In short, use something that's more computationally expensive like SHA256/512 or bcrypt, and include a salt if the hashing doesn't use one.