Improved password hashing
From IceBB Wiki
As of September 21, 2007, this feature has been implemented. --MutantMonkey (talk | work) 20:25, 21 September 2007 (EDT)
Since we are switching to PHP 5 for IceBB 1.1, we have many new password hashing opportunities available. MD5 is generally considered to be insecure, and even though we employ salting, a new hashing function would be ideal. SHA-256 looks to be a pretty good alternative to MD5; it's not that much slower and it also generates a hash of a good length. I'm not sure about some of the others; they might not be available on all servers. We'll be using salting with whatever we go with, however.
The only problem with this would be migrating existing passwords. I suppose we could rename the password column as password_legacy, create a new password column, and then migrate on login.
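The migrate-on-login idea above, as an added example that is not IceBB code. It is written for current PHP (7 or later) with the PDO SQLite driver; the `users` table, the `salt` column and the exact constructions `md5(salt . password)` and `sha256(salt . password)` are assumptions, and only the `password` / `password_legacy` column names come from this page.

```php
<?php
// Added example, not IceBB code. Assumed: table "users", column "salt",
// legacy scheme md5(salt . password), new scheme sha256(salt . password).
function legacy_hash(string $salt, string $pw): string { return md5($salt . $pw); }
function new_hash(string $salt, string $pw): string { return hash('sha256', $salt . $pw); }

// Returns true on a successful login and upgrades the stored hash as a side effect.
function login(PDO $db, string $user, string $pw): bool
{
    $q = $db->prepare('SELECT id, salt, password, password_legacy FROM users WHERE username = ?');
    $q->execute([$user]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;
    }
    // Already migrated: only the new column is consulted, never the legacy one.
    if ($row['password'] !== null) {
        return hash_equals($row['password'], new_hash($row['salt'], $pw));
    }
    // Not migrated yet: verify against the legacy MD5 value.
    if ($row['password_legacy'] === null
        || !hash_equals($row['password_legacy'], legacy_hash($row['salt'], $pw))) {
        return false;
    }
    // The plaintext is only available at this moment, so re-hash it with a
    // fresh salt and clear the MD5 value in the same UPDATE.
    $salt = bin2hex(random_bytes(16));
    $u = $db->prepare('UPDATE users SET salt = ?, password = ?, password_legacy = NULL WHERE id = ?');
    $u->execute([$salt, new_hash($salt, $pw), $row['id']]);
    return true;
}

// Constructed demo data: one account that still has only a legacy hash.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
           salt TEXT, password TEXT, password_legacy TEXT)');
$db->prepare('INSERT INTO users (username, salt, password_legacy) VALUES (?, ?, ?)')
   ->execute(['alice', 'oldsalt', legacy_hash('oldsalt', 'correct horse')]);

var_dump(login($db, 'alice', 'wrong'));          // wrong password, legacy path
var_dump(login($db, 'alice', 'correct horse'));  // correct password, legacy path, row is migrated
var_dump(login($db, 'alice', 'correct horse'));  // correct password, new column
var_dump($db->query('SELECT password_legacy FROM users')->fetchColumn()); // legacy column after migration
```

The flow is the same if `new_hash()` and its comparison are replaced by PHP's `password_hash()` and `password_verify()`, which are deliberately slow, unlike the microsecond-scale digests timed on this page. Accounts that never log in again keep their MD5 value in `password_legacy` until they are reset or expired.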
Here's what's available on my localhost and the times:
md2: 99e316e23c1f6cddd8253208e4fdd9b6 0.00002193450927734375
md4: 0dc2351b562ed7e8c364ee923e31b390 0.00000596046447753906
md5: cb28e00ef51374b841fb5c189b2b91c9 0.00000691413879394531
sha1: 98a16c09b0759e63ef7df53592724e8eeddb953a 0.00001502037048339844
sha256: a4dd5658ec0219465b705ea7c7435d9786a3c66d4f448cabd7488dabceafb699 0.00001001358032226563
sha384: 1bab6fa9d10e39316e1a2ee67319f94b62693b021bfd62a0e7f73f211ba52161781f6ce3b67d7c1b625c46e828d0c199 0.00001502037048339844
sha512: dc5ccb61185dc2e8c91b5de2200178a4e0e3ccf538529f1346bdcb8eabf342ce3d2eac54894b7ad2d4e6d818b6095a8d54a4aec937cab1ec33ffa6dbab5644b1 0.00001502037048339844
ripemd128: 4cacf72f63bdbd30ac9694b847d4779f 0.00001215934753417969
ripemd160: 53043d1037d692eb31d99e163feb28e592cd0b25 0.00000882148742675781
ripemd256: 31650df7305f8df05819eba81402bfd6eeced9d288d98863dc9257d008c21b78 0.00000596046447753906
ripemd320: 128e8b3d07c036f1d241858886838b26d4f81585a18f7e85dd2bb06b083ff6e02f64348f472df56b 0.00000691413879394531
whirlpool: 24746233f62eb3039630e86f05b416d2b7582a8a63392d744cd8cf19997c16ea573f3e2f62fb5c726b9d4d2e80d2eefc60ee541e4deaedb43b0d2e9a973e7469 0.00004100799560546875
tiger128,3: ef56866069858b444a6b5fb002561af6 0.00003504753112792969
tiger160,3: ef56866069858b444a6b5fb002561af68d6e97f3 0.00000715255737304688
tiger192,3: ef56866069858b444a6b5fb002561af68d6e97f388c79149 0.00000596046447753906
tiger128,4: 3b815d211812d1170fdaeab6adaa7e15 0.00000786781311035156
tiger160,4: 3b815d211812d1170fdaeab6adaa7e15e6f5f4f0 0.00000596046447753906
tiger192,4: 3b815d211812d1170fdaeab6adaa7e15e6f5f4f0e8e905a6 0.00000905990600585938
snefru: f44164618cba025a8095d4c8321e862eb0a3c4751c7a2e05cc2c37004d24c178 0.00005388259887695313
gost: e88b611bef9b248f6df08d3360d61d1a2d9ddee170a2685496cd04876184994c 0.00003099441528320313
adler32: a9047128 0.00000405311584472656
crc32: cdca0b98 0.00000715255737304688
crc32b: e2f2d662 0.00000405311584472656
haval128,3: 06d344c30dbd64cbb255a5b6c9b0a1e6 0.00001192092895507813
haval160,3: 01fc711a8b9175415142b9343c83b58aea74e177 0.00000786781311035156
haval192,3: e560744a86327437ba47a5e669db8681e66f9ce84142f8db 0.00000715255737304688
haval224,3: 4970acf9df571c3e8f958765b5fade88cc2d78ad02b521dcdbc352e4 0.00000691413879394531
haval256,3: 291d9a24e31e2cf63110c28528a9ac813b9b6f88522a1cf7368793df2f41b4cd 0.00000715255737304688
haval128,4: 1ce56395ad07bf5344537521bea5f599 0.00000786781311035156
haval160,4: bce1de9b9c409cfaa23b8ca10eb3ac00d4f83658 0.00000810623168945313
haval192,4: 002b9cf0d5e9731edc81ac3f280863cd1fe413a926ba808c 0.00000691413879394531
haval224,4: 8d90a664b8fb65b7d42ce83e3cc9d0eb4d4089906363218d7e24811d 0.00000810623168945313
haval256,4: 2ace0ed63c834efbef8347cc5bc9120dc1b30886aa2e22aebd5d711201a91e34 0.00000810623168945313
haval128,5: 04b774d51f200f28e5dc33ae45534158 0.00000905990600585938
haval160,5: 1e6a22f18e2df6e1a23ba59c4b754a822f1131f6 0.00000905990600585938
haval192,5: e8598578bd32986732601067cfc20295f12a0b0a781b8a8c 0.00000810623168945313
haval224,5: f11a490a587190361bb026dd2bd21ad233dfc41b82e82adcf060d0b2 0.00000882148742675781
haval256,5: 120e7f0ebbacf71fe810bd142fdcada9bfe158a9da9169d4dde4c8c9333158af 0.00000810623168945313

