Thanks to Moore's law, we need to regularly increase the hash count to keep our password hashing at a constant resistance to cracking.

For more information see: #1201444: Strengthen password hashing mechanism and #29706: More secure password hashing and http://api.drupal.org/api/drupal/includes--password.inc/constant/DRUPAL_...

I wrote the comment about increasing this every version assuming we were on ~18-24 month release cycles. Since D7 stretched out more, I think we should increase now by 1 for D7 and 2 for D8.


Comments

pwolanin’s picture

Status: Active » Needs review
FileSize
461 bytes
461 bytes

Here are 2 trivial patches to make that change for 7 and 8.

pwolanin’s picture

FileSize
461 bytes

oops - those were both the same - here's the one for D7.

pwolanin’s picture

Issue tags: +Needs backport to D7
grendzy’s picture

Incrementing the hash periodically makes sense, but we should sanity-check the execution time. 2^14 rounds takes about 65ms on a core 2 duo. Do we have a target in mind for the wall time? One concern is clock rates have not changed much since this was originally committed in 2008. Moore's law has given us more cores, but this is the wrong kind of asymmetry - attackers can crack in parallel, but an individual login cannot run _password_crypt() in parallel.

pwolanin didn't mention it, but the count is stored embedded in the hash - so old passwords will continue to work (and will be re-hashed automatically as users log in).

pwolanin’s picture

I think bringing it into the 50-100 ms range is good.

Heine’s picture

Status: Needs review » Reviewed & tested by the community
grendzy’s picture

+1. I repeated the test on a core 3.2 GHz i7, and 2^14 rounds was down to 19ms.

webchick’s picture

Just curious, but is there a reason not to just jack that to 25 or something to keep us set for awhile? Performance?

pwolanin’s picture

@webchick - this number is a power of 2. So increasing D8 by 2 increases the # of iterations by a factor of 4.

Increasing by another 10 would increase it by a factor of 1024, so logins would take at least 10-20 seconds just to check the hash.
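A runnable model of the scheme this thread is discussing, added here and not Drupal's own password.inc: an iterated SHA-512 hash whose log2 round count is embedded in the stored string (so a bumped count leaves old hashes verifiable and a login can re-hash them transparently, as grendzy notes), plus the wall-time check grendzy asks for. The output encoding, the CURRENT_LOG2 value and the function names are assumptions for illustration, not Drupal's.

```python
import hashlib
import hmac
import secrets
import time

# phpass-style alphabet: the character right after "$S$" encodes log2 of the round count.
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
CURRENT_LOG2 = 15  # hypothetical site-wide setting (the D7 value after this issue's +1)
HASH_LEN = 3 + 1 + 8 + 128  # "$S$" + log2 char + 8-char salt + hex SHA-512 (simplified encoding)

def hash_password(password: str, count_log2: int = CURRENT_LOG2, salt=None) -> str:
    """Iterated SHA-512 with 2**count_log2 rounds; output embeds the count and the salt."""
    if not 7 <= count_log2 <= 30:  # refuse absurd work factors in either direction
        raise ValueError("count_log2 out of range")
    if salt is None:
        salt = "".join(secrets.choice(ITOA64) for _ in range(8))
    pw = password.encode()
    digest = hashlib.sha512(salt.encode() + pw).digest()
    for _ in range(1 << count_log2):  # +1 on log2 doubles this loop, +2 quadruples it
        digest = hashlib.sha512(digest + pw).digest()
    return "$S$" + ITOA64[count_log2] + salt + digest.hex()

def stored_log2(stored: str) -> int:
    """Read the work factor back out of a stored hash; -1 if the string is not one of ours."""
    if not stored.startswith("$S$") or len(stored) != HASH_LEN or stored[3] not in ITOA64:
        return -1
    return ITOA64.index(stored[3])

def check_password(password: str, stored: str) -> bool:
    """Recompute with the count and salt embedded in `stored`; constant-time compare."""
    log2 = stored_log2(stored)
    if not 7 <= log2 <= 30:
        return False
    return hmac.compare_digest(hash_password(password, log2, stored[4:12]), stored)

def login(password: str, stored: str, current_log2: int = CURRENT_LOG2):
    """(ok, replacement): on success with an outdated count, return a re-hash to store."""
    if not check_password(password, stored):
        return False, None
    if stored_log2(stored) < current_log2:
        return True, hash_password(password, current_log2)
    return True, None

def time_hash_ms(count_log2: int) -> float:
    """Wall time of one hash at this count: the number to keep in the 50-100 ms band."""
    start = time.perf_counter()
    hash_password("benchmark-password", count_log2)
    return (time.perf_counter() - start) * 1000
```

Calling `time_hash_ms(14)`, `time_hash_ms(15)` and `time_hash_ms(16)` on the login host is the sanity check: each step should roughly double, and only the value measured on that hardware says whether a +1 or +2 lands in the target range.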

webchick’s picture

Status: Reviewed & tested by the community » Fixed

Gotcha. Well that's no good then. :)

Committed #1 to 8.x and #2 to 7.x. Thanks!

Automatically closed -- issue fixed for 2 weeks with no activity.