At Climate Prediction dot Net we have just had an SQL injection incident which lead (due to poor security on our part, not BOINC's) to user emails and password hashes being obtained.
Given that MD5 can be cracked relatively quickly, are there any plans to move away from MD5 hashing of the password/email authentication for BOINC? The PHP manual recommends against using MD5 because it is no longer considered strong enough. http://us2.php.net/manual/en/faq.passwords.php#faq.passwords.fasthash We have gone to some lengths to notify our users of this incident, and we've had quite a few responses from volunteers who have used the same email/password combination on other BOINC projects and websites. This causes me some concern because, given that BOINC is open source, it is trivially easy for a cracker to determine the function that writes the hash to the database, and note how the hash is constructed by appending the email address to the password. The attackers on our site virtually always grabbed the email address and the password hash in the same query, so the crackers have half the hash's input (the email address) only have to guess the password part; the fact that the password hash incorporates the email address does not really add any security (other than preventing simple searches on sites such as http://passcracking.com/ ) What are your thoughts and/or plans on this issue? Jonathan Miller System Administrator Climate Prediction dot Net, University of Oxford _______________________________________________ boinc_dev mailing list [email protected] http://lists.ssl.berkeley.edu/mailman/listinfo/boinc_dev To unsubscribe, visit the above URL and (near bottom of page) enter your email address.
