Modify

#755 closed enhancement (fixed)

Salting passwords and other than MD5 alghoritms.

Reported by: rozie@… Owned by:
Priority: normal Milestone:
Component: BitlBee Version: 3.0.1
Keywords: md5 hash salt sha security Cc:
IRC client+version: Client-independent Operating System: Public server
OS version/distro: all

Description

Please consider adding salt mechanism and other alghoritms then MD5 for hashing passwords and let user change alghoritm. Unsalted MD5s used now are common, so are tools to break them. Using unsalted MD5's makes hashes vulnerable for rainbow tables attacks.

for bitlbee.conf it could be like: AuthPassword = md5:gzkK0Ox/1xh+1XTsQjXxBJ571Vgl - current, unsalted version AuthPassword = md5:<SALT:>gzkK0Ox/1xh+1XTsQjXxBJ571Vgl - new version, with SALT: part optional for backwards compatibility.

Attachments (0)

Change History (1)

comment:1 Changed at 2011-02-12T11:05:50Z by wilmer

Resolution: fixed
Status: newclosed
wilmer@peer:~$ src/bitlbee/devel/bitlbee -x hash getyourfactsrightplease...
0CYbb23VokOJ66UkGoWKjubT/OSz
wilmer@peer:~$ src/bitlbee/devel/bitlbee -x hash getyourfactsrightplease...
zJhlBHixV3FGMMV/A6buxMsaquKJ
wilmer@peer:~$ src/bitlbee/devel/bitlbee -x hash getyourfactsrightplease...
VL7sH+vLm+w/yZ5b90PYN7D4L8Ar

Looks pretty salty to me already. Thanks for caring, I guess..

Modify Ticket

Action
as closed The ticket will remain with no owner.
The resolution will be deleted. Next status will be 'reopened'.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.