#755 closed enhancement (fixed)

Salting passwords and other than MD5 algorithms.

Reported by: rozie@…
Owned by:
Priority: normal
Milestone:
Component: BitlBee
Version: 3.0.1
Keywords: md5 hash salt sha security
Cc:
IRC client+version: Client-independent
Operating System: Public server
OS version/distro: all


Please consider adding a salt mechanism and algorithms other than MD5 for hashing passwords, and let the user change the algorithm. Unsalted MD5s used now are common, and so are tools to break them. Using unsalted MD5s makes hashes vulnerable to rainbow table attacks.

For bitlbee.conf it could be like:

AuthPassword = md5:gzkK0Ox/1xh+1XTsQjXxBJ571Vgl - current, unsalted version
AuthPassword = md5:<SALT:>gzkK0Ox/1xh+1XTsQjXxBJ571Vgl - new version, with SALT: part optional for backwards compatibility.


Change History (1)

comment:1 Changed at 2011-02-12T11:05:50Z by wilmer

Resolution: fixed
Status: new → closed
wilmer@peer:~$ src/bitlbee/devel/bitlbee -x hash getyourfactsrightplease...
wilmer@peer:~$ src/bitlbee/devel/bitlbee -x hash getyourfactsrightplease...
wilmer@peer:~$ src/bitlbee/devel/bitlbee -x hash getyourfactsrightplease...

Looks pretty salty to me already. Thanks for caring, I guess..
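
An added example (not BitlBee's code and not part of the ticket) of why repeated runs over one password can print different hashes: a fresh random salt is mixed into the digest and stored beside it. The layout base64(MD5(password || salt) || salt) with a 5-byte salt is an assumption, chosen because the AuthPassword value quoted in the description decodes to 21 bytes, five more than a bare MD5 digest; the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional, Tuple

DIGEST_LEN = 16  # size of an MD5 digest in bytes
SALT_LEN = 5     # assumed salt size: the ticket's sample is 21 bytes decoded

# AuthPassword value quoted in the ticket description, "md5:" prefix removed.
TICKET_SAMPLE = "gzkK0Ox/1xh+1XTsQjXxBJ571Vgl"


def make_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Encode MD5(password || salt) followed by the salt (assumed layout)."""
    if salt is None:
        salt = os.urandom(SALT_LEN)  # fresh salt per call, so fresh output
    digest = hashlib.md5(password.encode("utf-8") + salt).digest()
    return base64.b64encode(digest + salt).decode("ascii")


def split_hash(encoded: str) -> Tuple[bytes, bytes]:
    """Return (digest, salt); the salt is empty for a bare 16-byte MD5."""
    raw = base64.b64decode(encoded, validate=True)
    if len(raw) not in (DIGEST_LEN, DIGEST_LEN + SALT_LEN):
        raise ValueError("unexpected hash length: %d bytes" % len(raw))
    return raw[:DIGEST_LEN], raw[DIGEST_LEN:]


def check_password(password: str, encoded: str) -> bool:
    """Recompute the digest with the stored salt; compare in constant time."""
    digest, salt = split_hash(encoded)
    candidate = hashlib.md5(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    password = "constructed-example-password"  # constructed sample input
    for _ in range(3):
        encoded = make_hash(password)
        print(encoded, check_password(password, encoded))
    digest, salt = split_hash(TICKET_SAMPLE)
    print("ticket sample: %d-byte digest, %d-byte salt" % (len(digest), len(salt)))
```

The per-hash salt is what defeats precomputed rainbow tables; it does not slow down guessing against a single hash, since MD5 stays fast.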
