Opencart: Insecure password hashing

Created on 4 Feb 2013 · 5 Comments · Source: opencart/opencart

The algorithm used to protect passwords is not secure. SHA1 has not been exposed the way MD5 has, but if you're going to use SHA1 you need to use PBKDF2 with the hash_hmac() algorithm. Otherwise, use bcrypt.

I don't have time for a full explanation, but I've written [removed spammers link] on this elsewhere.

All 5 comments

We don't just use sha1, we also use salts and encrypt the password many times over

salt = '" . $this->db->escape($salt = substr(md5(uniqid(rand(), true)), 0, 9)) . "', password = '" . $this->db->escape(sha1($salt . sha1($salt . sha1($data['password'])))) . "'

I believe this has been broken at some Russian hacking conference after renting out Amazon's cloud servers to do 18.1 billion combinations in 3 minutes.

the average scumbag will not be able to decrypt these password hashes.

GPU-based systems like some of Amazon's available instances (at the cost of a dollar or two an hour) can do billions of hashes per _second_. http://www.golubev.com/hashgpu.htm The average scumbag can get an AWS account and pay a couple bucks, no problem.

SHA1 for password hashing is insecure, period. There's a reason PHP's password_hash() function uses bcrypt.

Also, posting your salt makes it even easier to decrypt. Hope you've changed that; that's like your secret sauce.

Be the sauce boss. Don't share your recipes.

@geraldarthur I hope you know better, but for anyone who might stumble across this later...
If you're doing it right, knowing the salt shouldn't matter. Bcrypt stores the salt right in the resulting hash. It also uses a different salt for every password. The point is to run it through such CPU-intensive hashing that it would be infeasible to unravel it even if you know the salt due to the slowness of cracking.

You couldn't match the security of bcrypt even by wrapping the above in 5 more sha1() calls, and on top of that bcrypt is future-proof, as you can compensate for future hardware by increasing the amount of work that must be done to create a hash, which will again slow down any attackers.
And on top of that, it's pretty dang easy to implement, so please use it, for the love of your users.
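
The points made in the thread about bcrypt (a per-password salt stored inside the hash, and a work factor that can be raised later) shown as a login-time migration away from the salted triple-SHA1 scheme quoted above. This is an added example, not part of the original thread and not OpenCart's code; the function names, record layout, sample password and salt, and the cost of 12 are assumptions.

```php
<?php
const BCRYPT_COST = 12; // assumed work factor; raise it as hardware gets faster

// Legacy scheme as quoted in the thread: sha1(salt . sha1(salt . sha1(password)))
function legacy_hash(string $password, string $salt): string
{
    return sha1($salt . sha1($salt . sha1($password)));
}

// Hypothetical helper. $record = ['password' => stored hash, 'salt' => legacy salt].
// Returns [bool $ok, ?string $newHash]; store $newHash when it is not null.
function verify_and_upgrade(string $password, array $record): array
{
    $stored = $record['password'];
    $opts = ['cost' => BCRYPT_COST];

    // A 40-character hex string is a legacy SHA-1 record.
    if (strlen($stored) === 40 && ctype_xdigit($stored)) {
        // Constant-time comparison of the recomputed legacy hash.
        if (!hash_equals($stored, legacy_hash($password, $record['salt']))) {
            return [false, null];
        }
        // Correct password: replace the fast hash with bcrypt right away.
        return [true, password_hash($password, PASSWORD_BCRYPT, $opts)];
    }

    // bcrypt record: password_verify() reads salt and cost from the hash string.
    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    // Rehash only if the stored cost is below the current setting.
    $new = password_needs_rehash($stored, PASSWORD_BCRYPT, $opts)
        ? password_hash($password, PASSWORD_BCRYPT, $opts)
        : null;
    return [true, $new];
}

// Constructed sample record in the legacy format (9-character salt, as in the thread).
$salt = 'a1b2c3d4e';
$record = ['password' => legacy_hash('correct horse', $salt), 'salt' => $salt];

// First login after deployment: legacy hash verifies and a bcrypt hash is produced.
[$ok, $upgraded] = verify_and_upgrade('correct horse', $record);
var_dump($ok);
echo $upgraded, "\n";

// Later login: the bcrypt hash verifies on its own; no separate salt column is needed.
[$ok2, $rehash] = verify_and_upgrade('correct horse', ['password' => $upgraded, 'salt' => '']);
var_dump($ok2, $rehash);
```

Records for users who never log in again keep their legacy hash under this approach, so they need a separate decision such as a forced reset.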

What about the padding though? Unless the machine knows what the password is in between the hashing, it's not going to know if it's been decrypted correctly. Am I wrong?
