Thanks to Moore's law, we need to regularly increase the hash count to keep our password hashing at a constant resistance to cracking.
For more information see: #1201444: Strengthen password hashing mechanism and #29706: More secure password hashing and http://api.drupal.org/api/drupal/includes--password.inc/constant/DRUPAL_...
I wrote the comment about increasing this every version assuming we were on ~18-24 month release cycles. Since D7 stretched out more, I think we should increase now by 1 for D7 and 2 for D8.
Comment | File | Size | Author |
---|---|---|---|
#2 | 1203852-hash-count-D7-2.patch | 461 bytes | pwolanin |
#1 | 1203852-hash-count-D7-1.patch | 461 bytes | pwolanin |
#1 | 1203852-hash-count-D8-1.patch | 461 bytes | pwolanin |
Comments

Comment #1
pwolanin commented:
Here are 2 trivial patches to make that change for 7 and 8.
Comment #2
pwolanin commented:
Oops - those were both the same - here's the one for D7.
Comment #3
pwolanin commented (no text).

Comment #4
grendzy commented:
Incrementing the hash periodically makes sense, but we should sanity-check the execution time. 2^14 rounds takes about 65ms on a core 2 duo. Do we have a target in mind for the wall time? One concern is clock rates have not changed much since this was originally committed in 2008. Moore's law has given us more cores, but this is the wrong kind of asymmetry - attackers can crack in parallel, but an individual login cannot run _password_crypt() in parallel.
pwolanin didn't mention it, but the count is stored embedded in the hash - so old passwords will continue to work (and will be re-hashed automatically as users log in).
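To make the two points in this comment concrete (the log2 iteration count travels inside the stored hash, so older hashes keep verifying and can be upgraded at login; and the cost that matters is the wall time of a single, serial verification), here is an added Python illustration. It is not Drupal's own `_password_crypt()` code and is not byte-compatible with Drupal hashes: it borrows only the `$S$` prefix, the itoa64 alphabet used to encode the count, an 8-character salt and the iterated SHA-512 loop. The value `CURRENT_COUNT_LOG2 = 15` is an assumption standing in for "2^14 raised by 1", and the `benchmark` password and fixed salt are constructed sample values.

```python
import hashlib
import hmac
import os
import time
from typing import Optional, Tuple

# Alphabet used to encode the log2 iteration count as a single character
# (same alphabet Drupal uses; the rest of this scheme is simplified).
ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
SALT_LEN = 8
MIN_COUNT_LOG2, MAX_COUNT_LOG2 = 7, 30

# Assumed "current" site setting: the 2^14 rounds from the thread, raised by 1.
CURRENT_COUNT_LOG2 = 15


def hash_password(password: str, count_log2: int, salt: Optional[str] = None) -> str:
    """Return '$S$' + count char + 8-char salt + hex(iterated SHA-512)."""
    if not MIN_COUNT_LOG2 <= count_log2 <= MAX_COUNT_LOG2:
        raise ValueError("count_log2 out of range")
    if salt is None:
        salt = ''.join(ITOA64[b & 63] for b in os.urandom(SALT_LEN))
    elif len(salt) != SALT_LEN:
        raise ValueError("salt must be %d characters" % SALT_LEN)
    pw = password.encode()
    digest = hashlib.sha512(salt.encode() + pw).digest()
    # 2**count_log2 serial rounds: doubling count_log2 by 1 doubles login cost.
    for _ in range(1 << count_log2):
        digest = hashlib.sha512(digest + pw).digest()
    return '$S$' + ITOA64[count_log2] + salt + digest.hex()


def parse_stored(stored: str) -> Tuple[int, str]:
    """Recover (count_log2, salt) from a stored hash; raises ValueError if malformed."""
    if not stored.startswith('$S$') or len(stored) < 4 + SALT_LEN + 1:
        raise ValueError("not a $S$ hash")
    count_log2 = ITOA64.index(stored[3])  # ValueError if the char is not in the alphabet
    return count_log2, stored[4:4 + SALT_LEN]


def check_password(password: str, stored: str) -> bool:
    """Verify using the count embedded in the stored hash, not the site setting."""
    try:
        count_log2, salt = parse_stored(stored)
    except ValueError:
        return False
    recomputed = hash_password(password, count_log2, salt)
    return hmac.compare_digest(recomputed, stored)


def needs_rehash(stored: str, current_log2: int = CURRENT_COUNT_LOG2) -> bool:
    """True when the stored hash was made with fewer rounds than the site now uses."""
    count_log2, _ = parse_stored(stored)
    return count_log2 < current_log2


def time_hash(count_log2: int) -> float:
    """Wall-clock seconds for one serial verification at this count (constructed input)."""
    start = time.perf_counter()
    hash_password('benchmark', count_log2, 'abcdefgh')
    return time.perf_counter() - start


if __name__ == '__main__':
    # Login flow: verify with the old count, then upgrade the stored hash.
    old = hash_password('correct horse', CURRENT_COUNT_LOG2 - 1)
    if check_password('correct horse', old) and needs_rehash(old):
        old = hash_password('correct horse', CURRENT_COUNT_LOG2)
    print('upgraded hash uses count char', old[3])
    # Pick a count by measuring, as the thread suggests (target 50-100 ms).
    for c in range(12, 18):
        print('2^%d rounds: %.1f ms' % (c, time_hash(c) * 1000))
```

Run it to see the measured time double with each increment of the count on the machine at hand; that measurement, not the core count, is what bounds how far the setting can be raised, because a login verifies one hash serially while a cracker spreads guesses across cores.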
Comment #5
pwolanin commented:
I think bringing it into the 50-100 ms range is good.
Comment #6
Heine commented (no text).

Comment #7
grendzy commented:
+1. I repeated the test on a core 3.2 GHz i7, and 2^14 rounds was down to 19ms.
Comment #8
webchick commented:
Just curious, but is there a reason not to just jack that to 25 or something to keep us set for awhile? Performance?
Comment #9
pwolanin commented:
@webchick - this number is a power of 2. So increasing D8 by 2 increases the # iterations by a factor of 4.
Increasing by another 10 would increase a factor of 1024, so logins would take at least 10-20 seconds to just check the hash.
Comment #10
webchick commented:
Gotcha. Well that's no good then. :)
Committed #1 to 8.x and #2 to 7.x. Thanks!