silverstripe-framework: RFC: Deprecate and warn against using bad PasswordEncryptors

Affected Version

4.3.x / 5.0

Description

Currently we have several terrible options for password hashing:

  • MySQLOldPassword
  • MySQLPassword
  • None
  • PhpHash
  • PhpLegacyHash

The MySQL “old” option is awful, and can be reversed with ~50 lines of C code, and the “new” version doesn’t seem to hold up to much scrutiny either.

I have no idea why we offer a “none” option. We should never encourage this.

PHPHash (and the extension LegacyHash) uses PHP's hash function. This is not suitable for password hashing purposes - these hashes are designed for efficiency - the opposite of what you want for passwords.

All of those are insufficient methods for hashing passwords.

Proposal

We mark all these "encryptor"s (hashers) as deprecated and show a warning (in dev mode? Only while logged in as admin?) if they are being used.
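The check the proposal describes, plus a micro-benchmark of the "designed for efficiency" point, as an added example that is not SilverStripe project code. The algorithm config names, their reasons, and the blowfish (bcrypt) recommendation are assumptions based on the RFC text:

```php
<?php
// Added example (not SilverStripe project code): a deprecation check of the
// kind the RFC proposes, plus a micro-benchmark showing why a plain hash()
// digest is the wrong tool for passwords. The algorithm names below are
// assumed config values, not taken from the framework's own source.

declare(strict_types=1);

/** Algorithms the RFC proposes to deprecate, keyed by assumed config name. */
const DEPRECATED_ENCRYPTORS = [
    'none'               => 'stores the password in clear text',
    'mysql_old_password' => 'reversible with about 50 lines of C',
    'mysql_password'     => 'unsalted double SHA-1, no work factor',
    'md5'                => 'PhpHash: fast digest, no work factor',
    'sha1'               => 'PhpHash: fast digest, no work factor',
];

/** Returns a warning for a weak algorithm, or null if it is acceptable. */
function encryptorWarning(string $algorithm): ?string
{
    $key = strtolower($algorithm);
    if (!isset(DEPRECATED_ENCRYPTORS[$key])) {
        return null;
    }
    return sprintf(
        'Deprecated password encryptor "%s" in use (%s); migrate to blowfish/bcrypt.',
        $algorithm,
        DEPRECATED_ENCRYPTORS[$key]
    );
}

/** Measures how many hashes per second a given callable achieves. */
function hashesPerSecond(callable $hash, float $seconds = 0.5): float
{
    $n = 0;
    $start = microtime(true);
    do {
        $hash('password' . $n);
        $n++;
    } while (microtime(true) - $start < $seconds);
    return $n / (microtime(true) - $start);
}

// Usage with a constructed config value: 'sha1' stands in for a site that
// still uses PhpHash; a real check would read Security.password_encryption_algorithm.
echo encryptorWarning('sha1') ?? 'Encryptor OK', PHP_EOL;

$fast   = hashesPerSecond(fn(string $p) => hash('sha1', $p . 'salt'));
$bcrypt = hashesPerSecond(fn(string $p) => password_hash($p, PASSWORD_BCRYPT, ['cost' => 10]), 2.0);
printf("sha1 via hash(): %.0f/s, bcrypt cost 10: %.1f/s\n", $fast, $bcrypt);
```

The ratio between the two throughput figures is the point: a digest that runs millions of times per second gives an attacker with a leaked table the same speed, while bcrypt's cost parameter caps it at tens per second per core.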

About this issue

  • State: closed
  • Created 6 years ago
  • Reactions: 2
  • Comments: 15 (15 by maintainers)

Most upvoted comments

Ugh, I still have, somewhere on my backlog, the “Make default admin hashed as well” feature…

I can have a look at it over the weekend, but on my account, feel free to close 😃