Passwords should be salted

If some authorized person has access to the database, I'm screwed as well. For example, if the DBA for my hosting company can see the unsalted md5 hashed passwords of my users, they can recover many of those passwords, which are privacy sensitive. Same problem with anyone seeing backups.

Also, this is not a feature request, but a bug report.

Ok, here's a patch that implements the first part of my proposal. Add a varchar(16) 'salt' column to the 'users' table (not null, default empty) and apply this patch and you have salting for all new users, and for any user that changes their password, while remaining backwards compatible with all old users.

And here is a patch that implements the second part of my proposal. It not only adds salt to new and updated passwords, but also rehashes after successful login if the salt is empty.

Re: Heine
Yes, I have read that discussion, but that one is about a whole slew of changes, such as stretching, and upgrading from MD5 to a more secure hashing algorithm. Very good, but all of that is a lot more work.

And then you have to consider backwards compatibility with PHP4. Pushing the issue back to Drupal 7 allowed developers to focus on PHP 5 only, which gives a lot more options when it comes to hashing algorithms. But that does mean that the solution developed at http://drupal.org/node/29706 is probably not backwards compatible with PHP4, and thus not backwards compatible with Drupal 6. Which means that the branch maintainers cannot include it.

These patches only address the salting issue, and are fully compatible with php4.

So what if it is a bit more work? The cryptographics have been done in that issue. Why aim lower?

I have no problem with the work. But I think that salting, stretching, and hashing algorithm strenght are three separate issues. And in its current state, I think that the missing salting is a serious issue, something that is much more urgent to fix than the other issues. If the work done at http://drupal.org/node/29706 is done and ready to be incorporated into drupal 6, then I'm all for it. But there doesn't seem to be any drive, at all, to get it into drupal 6. The issue is for 7.x dev and is closed.

That is speculation. If we identify PHP 4 issues, what stops us from working around them?

I don't know, what is stopping people from putting salting in drupal 6? If you feel it is better that way, then I'm fine with changing this bug to be about incorporating the work done for drupal 7 into drupal 6. But as it is, there is no open issue about that, and there seems to be no real interest for it.

Let's classify this properly. This is a feature request, not a bug. Whether or not it is accepted is up to the branch maintainer.

Well, I guess that is a point of view. I disagree. In my personal opinion, not salting your passwords is a serious bug. It is something that is broken and urgently needs to be fixed, not just something that would be nice to have.

Reclassifying as a bug for the reason given above.