Thijs/wiki.techinc.nl

Author SHA1 Message Date

Author	SHA1	Message	Date
Kevin Israel	71f27d46f1	password: Remove automatic fallback to hash_pbkdf2() The criteria for doing so have now been met: * PHP 8.1+ is now the documented minimum, and the 1.42 branch already enforces this in PHPVersionCheck. (T359868) * OpenSSL support is also now required. (`e4127e5864`) As stated in AbstractPbkdf2Password::canUseOpenSSL(), the version check is no longer needed because PHP 8.1 requires OpenSSL >= 1.0.2. While the the master branch may still work on PHP 7.4 for now, it is unlikely that a site using it would still have a version of OpenSSL older than 1.0.1f. (For example, WMF stopped using Ubuntu 14.04 "Trusty", which has exactly that minimum version of OpenSSL, once Canonical started charging for security updates in 2019.) The reasons for the version check were: * Old versions of OpenSSL appeared to perform at least as well as PHP for reasonably long passwords (up to 128 bytes for SHA-512 hashes); however, they had the same DoS issue that our own implementation for PHP 5.3 had (see T64685). hash_pbkdf2() never had that problem. * If PHP were to incorporate the major optimization of hashing the HMAC key blocks only once, then the old OpenSSL versions would actually be slower. So far, this has not happened. Change-Id: I47eb1aabf3d0ae4792624f9ba1c392880d52d0b7	2024-06-08 01:06:22 -04:00
Reedy	5ab70409f5	Namespace includes/password Bug: T353458 Change-Id: I1a701b5b7ff65356692abb0efde9a2207b6135b6	2024-05-18 16:17:38 +01:00
Kevin Israel	47241a3520	Use OpenSSL if available for PBKDF2 password hashing This at least doubles the speed, which would allow the number of iterations to be doubled and computation of the password hash to complete in the same amount of time as before, or maybe even a slight bit less. The doubling in speed is due to an optimization[1] that so far has not been accepted into PHP's hash extension.[2] In addition, OpenSSL has optimized assembly-language hash function implementations for several common CPU architectures. These provide a further, yet more slight, performance improvement. While OpenSSL's PKCS5_PBKDF2_HMAC() is not the fastest implementation around, using it does not add a new library dependency. And although better password hashing functions exist, PBKDF2 is still the default in MediaWiki. For these reasons, I think this change makes sense. [1]: https://github.com/openssl/openssl/commit/c10e3f0cffb3820d [2]: https://github.com/php/php-src/issues/9604 Change-Id: I7b06590d4c42581f8749336f9c17777f973a506c	2022-10-04 19:46:14 -04:00

Kevin Israel

71f27d46f1

password: Remove automatic fallback to hash_pbkdf2()

The criteria for doing so have now been met:

* PHP 8.1+ is now the documented minimum, and the 1.42 branch already
  enforces this in PHPVersionCheck. (T359868)
* OpenSSL support is also now required. (e4127e5864)

As stated in AbstractPbkdf2Password::canUseOpenSSL(), the version check
is no longer needed because PHP 8.1 requires OpenSSL >= 1.0.2. While the
the master branch may still work on PHP 7.4 for now, it is unlikely that
a site using it would still have a version of OpenSSL older than 1.0.1f.
(For example, WMF stopped using Ubuntu 14.04 "Trusty", which has exactly
that minimum version of OpenSSL, once Canonical started charging for
security updates in 2019.)

The reasons for the version check were:

* Old versions of OpenSSL appeared to perform at least as well as PHP
  for reasonably long passwords (up to 128 bytes for SHA-512 hashes);
  however, they had the same DoS issue that our own implementation for
  PHP 5.3 had (see T64685). hash_pbkdf2() never had that problem.

* If PHP were to incorporate the major optimization of hashing the HMAC
  key blocks only once, then the old OpenSSL versions would actually be
  slower. So far, this has not happened.

Change-Id: I47eb1aabf3d0ae4792624f9ba1c392880d52d0b7

2024-06-08 01:06:22 -04:00

Reedy

5ab70409f5

Namespace includes/password

Bug: T353458
Change-Id: I1a701b5b7ff65356692abb0efde9a2207b6135b6

2024-05-18 16:17:38 +01:00

Kevin Israel

47241a3520

Use OpenSSL if available for PBKDF2 password hashing

This at least doubles the speed, which would allow the number of
iterations to be doubled and computation of the password hash to
complete in the same amount of time as before, or maybe even a
slight bit less.

The doubling in speed is due to an optimization[1] that so far has not
been accepted into PHP's hash extension.[2] In addition, OpenSSL has
optimized assembly-language hash function implementations for several
common CPU architectures. These provide a further, yet more slight,
performance improvement.

While OpenSSL's PKCS5_PBKDF2_HMAC() is not the fastest implementation
around, using it does not add a new library dependency. And although
better password hashing functions exist, PBKDF2 is still the default
in MediaWiki. For these reasons, I think this change makes sense.

[1]: https://github.com/openssl/openssl/commit/c10e3f0cffb3820d
[2]: https://github.com/php/php-src/issues/9604

Change-Id: I7b06590d4c42581f8749336f9c17777f973a506c

2022-10-04 19:46:14 -04:00

3 commits