How do I know if my passwords are salted?

SoonDead
Registered User
Posts: 51
Joined: Wed Jan 21, 2009 10:00 am
Location: Hungary
Name: Márton Vincze

How do I know if my passwords are salted?

Post by SoonDead » Sat Mar 27, 2010 10:12 am

I have successfully initiated a dictionary attack on some of my users' passwords. I have not defined any salt as I was unsure about its location in the phpBB database, but I still had success (6 passwords have fallen from 50, but one hacked user had admin rights).

The phpBB3 hashing is quite a pain to brute force, so I would really like it salted, as it would greatly reduce the efficiency (if not making them impossible) of other types of attacks.

How do I know if my passwords are salted, and where can I find the salt? And if it's unsalted, then is there a built in way to define a salt and add them to the passwords? (for example the next time a user logs in)

Comkid
Registered User
Posts: 132
Joined: Thu Mar 25, 2010 5:40 am

Re: How do I know if my passwords are salted?

Post by Comkid » Sat Mar 27, 2010 10:31 am

phpBB3 uses a hash called phpass, which automatically generates different hashes for the same characters (string). The passwords are not salted when hashed ;)
I ist Comkid :P

Mick
Support Team Member
Posts: 21156
Joined: Fri Aug 29, 2008 9:49 am
Location: Watching cricket - definitely

Re: How do I know if my passwords are salted?

Post by Mick » Sat Mar 27, 2010 10:33 am

"The more connected we get the more alone we become" - Kyle Broflovski

Comkid
Registered User
Posts: 132
Joined: Thu Mar 25, 2010 5:40 am

Re: How do I know if my passwords are salted?

Post by Comkid » Sat Mar 27, 2010 10:58 am

I quickly coded this and I believe it should work:

OPEN: includes/functions.php

FIND:

function phpbb_hash($password)
{

ADD AFTER:

	// $config is not otherwise declared inside this function, so pull it into scope
	global $config;
	$password = $password . $config['pass_salt'];

FIND:

function phpbb_check_hash($password, $hash)
{

ADD AFTER:

	// same here: the global config array must be declared before it can be read
	global $config;
	$password = $password . $config['pass_salt'];

OPEN: includes/acp/acp_board.php

FIND:

'chg_passforce'            => array('lang' => 'FORCE_PASS_CHANGE',    'validate' => 'int:0',    'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']),

ADD AFTER:

'pass_salt'                => array('lang' => 'PASSWORD_SALT',        'validate' => 'string', 'type' => 'text:25:100', 'explain' => true),

OPEN: language/en/acp/board.php

FIND:

'NO_REF_VALIDATION'                => 'None',

ADD AFTER:

'PASSWORD_SALT'                    => 'Password Salt',
'PASSWORD_SALT_EXPLAIN'            => 'Salt to use when hashing of passwords to prevent bruteforcing the passwords.',

I ist Comkid :P

SoonDead
Registered User
Posts: 51
Joined: Wed Jan 21, 2009 10:00 am
Location: Hungary
Name: Márton Vincze

Re: How do I know if my passwords are salted?

Post by SoonDead » Sat Mar 27, 2010 11:24 am

The preferred (most secure) hashing method supported by phpass is the OpenBSD-style Blowfish-based bcrypt, also supported with our public domain crypt_blowfish package (for C applications), and known in PHP as CRYPT_BLOWFISH, with a fallback to BSDI-style extended DES-based hashes, known in PHP as CRYPT_EXT_DES, and a last resort fallback to MD5-based salted and variable iteration count password hashes implemented in phpass itself (also referred to as portable hashes).
Clearly this means a lot of salted MD5 on top of each other.

For example.
I have used PasswordsPro v2.4.4.1
I have added a user with the username "milni" and with the hash $H$9u6lsweDFj2sXuluKDUNmE5FN3PPNp0, and selected the hash type MD5(phpBB3).
I have left the field "salt" empty.
I have used a loweralpha-numeric attack, and it found the password "bimba" in no time.
You can recreate this attack any time.

Can I then find out what kind of fallback method was used, when the password was hashed? Or how can I ensure that no fallback method is used?

ric323
Former Team Member
Posts: 22909
Joined: Tue Feb 06, 2007 12:33 am
Location: Melbourne, Australia
Name: Ric

Re: How do I know if my passwords are salted?

Post by ric323 » Sat Mar 27, 2010 1:27 pm

SoonDead wrote:I have successfully initiated a dictionary attack on some of my users' passwords. I have not defined any salt as I was unsure about it's location in the phpBB database, but I still had success (6 passwords have fallen from 50, but one hacked user had admin rights).
...)
Has your board been updated from phpBB2 to phpBB3, and were these users who had never logged in since the conversion?

How did you manage to do a brute force attack, when phpBB normally adds a CAPTCHA test after three login attempts?
(Or were you extracting the hash from the database, and brute forcing against that?)
The Knowledge Base contains solutions to many common problems!
How to fix "Doesn't have a default value" and "Incorrect string value: xxx for column 'post_text' " errors.
How to do a clean re-install of the latest phpBB3 version.
Problems with permissions? Read phpBB3 Permissions

SoonDead
Registered User
Posts: 51
Joined: Wed Jan 21, 2009 10:00 am
Location: Hungary
Name: Márton Vincze

Re: How do I know if my passwords are salted?

Post by SoonDead » Sat Mar 27, 2010 7:17 pm

ric323 wrote:Has your board been updated from phpBB2 to phpBB3, and were these users who had never logged in since the conversion?
There are only 2 users who have never logged in after the conversion. Their passwords are still hashed in plain md5, but that is not my concern (as you can see the hash I used for example is not a simple md5 "$H$9u6lsweDFj2sXuluKDUNmE5FN3PPNp0". It's already converted to phpBB3).
ric323 wrote:How did you manage to do a brute force attack, when phpBB normally adds a CAPTCHA test after three login attempts?
(Or were you extracting the hash from the database, and brute forcing against that?)
I was extracting the hash directly from the database. (I know that everybody states here that phpBB3 is so secure that no one will ever get hold of my database, but at least there might still be other vulnerable applications on the same server making a cross-site-scripting attack possible, for example.)

Lumpy Burgertushie
Registered User
Posts: 66342
Joined: Mon May 02, 2005 3:11 am

Re: How do I know if my passwords are salted?

Post by Lumpy Burgertushie » Sat Mar 27, 2010 8:03 pm

Is this just an exercise or do you have some specific reason to be worried that someone would attack your board in particular?

I ask simply because in over two years that phpbb3 has been out, I have not heard of a single instance of it being hacked, via passwords or otherwise.

I wonder if you are a wee bit paranoid here.


robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.2 Styles by PlanetStyles.net

If a tree falls in the forest and nobody is there, does it make a sound?

Marshalrusty
Project Manager
Posts: 29247
Joined: Mon Nov 22, 2004 10:45 pm
Location: New York City
Name: Yuriy Rusko

Re: How do I know if my passwords are salted?

Post by Marshalrusty » Sun Mar 28, 2010 6:21 am

SoonDead wrote:There are only 2 users who have never logged in after the conversion. Their passwords are still hashed in plain md5, but that is not my concern (as you can see the hash I used for example is not a simple md5 "$H$9u6lsweDFj2sXuluKDUNmE5FN3PPNp0". It's already converted to phpBB3).
If you're using the latest version of phpBB, then there should not be any plain md5 passwords there. As of several versions ago, the convertor script uses phpbb_hash() on the md5 stored from phpBB2 and sets a flag that this was done. The updater does this as well, if you converted before the convertor did it automatically.

Keep in mind that the only way for someone to gain access to the hashed password is by getting access to the database. If an attacker has access to the database, then they also have access to the salt. Thus, the salt can be considered known information.

The software you are using does not exploit a weakness in the hashing algorithm. Instead, it generates a new hash and then checks whether it matches the stored hash. This is the same thing that happens when you attempt to login, and there is no way around it.

The algorithm effectively prevents the usage of rainbow tables by generating different hashes for the same string. An attacker needs to approach each hash individually, which is expensive. Dictionary attacks against weak passwords are still completely possible. You could add a salt to make weak passwords longer, sure, but the salt needs to be stored somewhere because it becomes necessary for authentication. Thus it becomes pointless.
Have comments/praise/complaints/suggestions? Please feel free to PM me.

Need private help? Hire me for all your phpBB and web development needs

Kellanved
Former Team Member
Posts: 2635
Joined: Wed Jan 26, 2005 2:48 pm
Location: Meta-level

Re: How do I know if my passwords are salted?

Post by Kellanved » Sun Mar 28, 2010 11:33 am

The security benefit of adding a salt in the form of $config['salt'] is negligible. That is for a simple reason: if the attacker has access to the database (the premise about the sort of attack discussed here), s/he can just grab the salt as well.

The real reason for a salt is just to hinder the deployment of rainbow tables; phpAss does that on its own - it is salted and iterated, with the variable data stored along the hash. You will note that even the same password is not mapped to the same hash twice - that makes a lookup in a hash dictionary impossible.
Nocando is in Idontwanna county. No support via PM

SoonDead
Registered User
Posts: 51
Joined: Wed Jan 21, 2009 10:00 am
Location: Hungary
Name: Márton Vincze

Re: How do I know if my passwords are salted?

Post by SoonDead » Wed Mar 31, 2010 7:05 am

Sorry for the late answer, I was out of town.
Marshalrusty wrote:If you're using the latest version of phpBB, then there should not be any plain md5 passwords there. As of several versions ago , the convertor script uses phpbb_hash() on the md5 stored from phpBB2 and sets a flag that this was done. The updater does this as well, if you converted before the convertor did it automatically.
My bad, I was checking a snapshot of my database where it was still phpBB3.0.4. You are correct, in the newer ones these are hashed by phpass again.
Marshalrusty wrote:The software you are using does not exploit a weakness in the hashing algorithm. Instead, it generates a new hash and then checks whether it matches the stored hash. This is the same thing that happens when you attempt to login, and there is no way around it.
Yes of course, that is how checking of hashed passwords works.
Lumpy Burgertushie wrote:I wonder if you are a wee bit paranoid here.
You made me sad. No I'm not paranoid, I'm just concerned about the software I use, as everyone should be, and I'm a little startled that you are not.

I have done some in-depth research on phpass and concluded that it's a very decent hashing method if I set the password requirements for my users high enough. Thanks for all the answers.

Comkid
Registered User
Posts: 132
Joined: Thu Mar 25, 2010 5:40 am

Re: How do I know if my passwords are salted?

Post by Comkid » Wed Mar 31, 2010 8:18 am

Kellanved wrote:The security benefit of adding a salt in the form of $config['salt'] is negligible. That is for a simple reason: if the attacker has access to the database - the premise about the sort of attack discussed here - , s/he can just grab the salt as well.
Well, I supply the code, it's their choice to use it; he wanted to salt his passwords, I made the code to salt the passwords. I know how it is redundant. Also, phpass, does anyone actually know how many different hashes it can generate for a single string?
I ist Comkid :P

SoonDead
Registered User
Posts: 51
Joined: Wed Jan 21, 2009 10:00 am
Location: Hungary
Name: Márton Vincze

Re: How do I know if my passwords are salted?

Post by SoonDead » Wed Mar 31, 2010 2:04 pm

I'm no expert on the subject so it makes me wonder: If phpass generates different hashes every time for the same string, how can a password be tested against the hash?

Marshalrusty
Project Manager
Posts: 29247
Joined: Mon Nov 22, 2004 10:45 pm
Location: New York City
Name: Yuriy Rusko

Re: How do I know if my passwords are salted?

Post by Marshalrusty » Wed Mar 31, 2010 9:31 pm

SoonDead wrote:I'm no expert on the subject so it makes me wonder: If phpass generates different hashes every time for the same string, how can a password be tested against the hash?
The short answer: The hash and plaintext password are fed into a function which can determine whether the hash is valid for that password.

For a better explanation, you will have to look at the code. The key here is iterations, with each iteration being salted with specific values (which is where the stored hash comes into play). By using the stored hash, it is possible to repeat the specific steps taken to reach the particular hash (rather than another valid one). Then a simple string comparison is performed.

This algorithm makes rainbow tables unfeasible, and is overall a far more sophisticated method than simply using a static salt.
Have comments/praise/complaints/suggestions? Please feel free to PM me.

Need private help? Hire me for all your phpBB and web development needs
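The explanation above (salt and iteration count are carried inside the stored hash, so verification re-runs the same steps and compares) can be made concrete with a small reimplementation. The block below is an added example written for this page; it is not code from phpBB or from the phpass library. It mirrors the behaviour of _hash_crypt_private() and _hash_encode64() in phpBB 3.0's includes/functions.php as I know them (md5 of salt plus password, then 2^n further md5 rounds, with phpass' own base64 alphabet); the names parse_setting and encode64 are mine, phpbb_hash and phpbb_check_hash are named after the phpBB functions they imitate, and THREAD_HASH is simply the $H$9 hash quoted earlier in this thread. It also accepts the original phpass $P$ prefix, which phpBB itself does not.

```python
"""phpass portable ($H$) hashing as phpBB 3.0 uses it, reimplemented in Python (added example)."""
import hashlib
import hmac
import os

# phpass' 64-character alphabet; a character's index in this string is its 6-bit value
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

# Hash quoted in this thread; the password behind it is the poster's claim, not verified here
THREAD_HASH = "$H$9u6lsweDFj2sXuluKDUNmE5FN3PPNp0"


def encode64(data, count):
    """phpass' own base64 variant: 3 bytes -> 4 chars, low 6 bits first, no padding."""
    out = []
    i = 0
    while i < count:
        value = data[i]
        i += 1
        out.append(ITOA64[value & 0x3F])
        if i < count:
            value |= data[i] << 8
        out.append(ITOA64[(value >> 6) & 0x3F])
        if i >= count:
            break
        i += 1
        if i < count:
            value |= data[i] << 16
        out.append(ITOA64[(value >> 12) & 0x3F])
        if i >= count:
            break
        i += 1
        out.append(ITOA64[(value >> 18) & 0x3F])
    return "".join(out)


def parse_setting(stored):
    """Read the iteration count and salt back out of a stored hash.
    Returns (count_log2, iterations, salt) or None if this is not a portable hash."""
    if stored[:3] not in ("$H$", "$P$") or len(stored) < 12:
        return None
    count_log2 = ITOA64.find(stored[3])  # one char after the prefix encodes log2(rounds)
    if count_log2 < 7 or count_log2 > 30:
        return None
    return count_log2, 1 << count_log2, stored[4:12]  # 8 salt chars follow the count char


def crypt_private(password, setting):
    """Recompute the hash of `password` under the count and salt carried in `setting`.
    md5(salt . pw) once, then `iterations` rounds of md5(previous_digest . pw)."""
    parsed = parse_setting(setting)
    if parsed is None:
        return "*"  # phpass' "invalid" marker; can never equal a real hash
    _, iterations, salt = parsed
    pw = password.encode("utf-8")
    h = hashlib.md5(salt.encode("ascii") + pw).digest()
    for _ in range(iterations):
        h = hashlib.md5(h + pw).digest()
    return setting[:12] + encode64(h, 16)  # prefix + count + salt + 22 chars of digest


def phpbb_hash(password, count_log2=11, salt_bytes=None):
    """Create a new hash: 6 fresh random bytes -> 8 salt chars, 2^count_log2 rounds.
    count_log2=11 encodes as '9', which is the prefix of the $H$9... hash quoted in the thread."""
    if salt_bytes is None:
        salt_bytes = os.urandom(6)
    setting = "$H$" + ITOA64[count_log2] + encode64(salt_bytes, 6)
    return crypt_private(password, setting)


def phpbb_check_hash(password, stored):
    """Verify like phpBB's phpbb_check_hash(): a 34-char value is a portable hash and is
    recomputed from its own salt; anything else is treated as a legacy unsalted md5 hex digest."""
    if len(stored) == 34:
        candidate = crypt_private(password, stored)
    else:
        candidate = hashlib.md5(password.encode("utf-8")).hexdigest()
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    h1 = phpbb_hash("bimba")
    h2 = phpbb_hash("bimba")
    print(h1, h2, "same password, different hash:", h1 != h2)
    print("count/iterations/salt in the thread hash:", parse_setting(THREAD_HASH))
    print("verifies 'bimba' against the thread hash:", phpbb_check_hash("bimba", THREAD_HASH))
```

Running it shows why two hashes of the same password differ (a new 6-byte salt each time) while verification still works: parse_setting pulls the salt and the 2048 iterations back out of the stored value, so nothing besides the hash itself has to be kept anywhere.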

T0ny
Registered User
Posts: 1383
Joined: Sun Jan 29, 2006 8:42 pm
Location: Lancashire
Name: Tony

Re: How do I know if my passwords are salted?

Post by T0ny » Thu Apr 01, 2010 12:35 pm

Comkid wrote:Also, phpass, does anyone actually know how many different hashes it can generate for a single string?
The phpbb implementation uses a 6 character hex value for the salt, so that makes 16,777,216 possible values for any given password.
