close Warning: Failed to sync with repository "(default)": [Errno 12] Cannot allocate memory; repository information may be out of date. Look in the Trac log for more information including mitigation strategies.
Modify

Opened at 2011-02-12T10:43:46Z

Closed at 2011-02-12T11:05:50Z

#755 closed enhancement (fixed)

Salting passwords and other than MD5 alghoritms.

Reported by: rozie@… Owned by:
Priority: normal Milestone:
Component: BitlBee Version: 3.0.1
Keywords: md5 hash salt sha security Cc:
IRC client+version: Client-independent Operating System: Public server
OS version/distro: all

Description

Please consider adding salt mechanism and other alghoritms then MD5 for hashing passwords and let user change alghoritm. Unsalted MD5s used now are common, so are tools to break them. Using unsalted MD5's makes hashes vulnerable for rainbow tables attacks.

for bitlbee.conf it could be like: AuthPassword = md5:gzkK0Ox/1xh+1XTsQjXxBJ571Vgl - current, unsalted version AuthPassword = md5:<SALT:>gzkK0Ox/1xh+1XTsQjXxBJ571Vgl - new version, with SALT: part optional for backwards compatibility.

Attachments (0)

Change History (1)

comment:1 Changed at 2011-02-12T11:05:50Z by wilmer

Resolution: fixed
Status: newclosed 
wilmer@peer:~$ src/bitlbee/devel/bitlbee -x hash getyourfactsrightplease...
0CYbb23VokOJ66UkGoWKjubT/OSz
wilmer@peer:~$ src/bitlbee/devel/bitlbee -x hash getyourfactsrightplease...
zJhlBHixV3FGMMV/A6buxMsaquKJ
wilmer@peer:~$ src/bitlbee/devel/bitlbee -x hash getyourfactsrightplease...
VL7sH+vLm+w/yZ5b90PYN7D4L8Ar

Looks pretty salty to me already. Thanks for caring, I guess..

Modify Ticket

Action
as closed The ticket will remain with no owner.
The resolution will be deleted.

Add Comment

E-mail address and name can be saved in the Preferences.

AttachmentsDescription
 
Note: See TracTickets for help on using tickets.