MD5 Passwords in MySql?

Charles Bradshaw brad at bradcan.homelinux.com
Mon Mar 25 11:36:07 EDT 2013 

Adam

The end goal was simply stated previously: 'To store MD5 hashed
passwords in a mysql database'.

My reasons for wanting to do so are complex and NOT the subject of the
thread. Had I been seeking general advice about possibilities I might
have asked: Is it advisable to do such and such? Or maybe, what do you
advise as a method of increasing security of the password file?

We could debate the pros and cons or various security stratagems for
ever! I suggest that this is not the place to do so. For starters the
internet is becoming swamped with: "Well why don't you use Dovecot and
Postfix, they're much simpler to configure?" or "Why don't you use XYZ
because I find it blah balh blah?" In my view, understanding network
security, with a view to making educated decisions, is better
accomplished by studying the some of the many excellent books on the
subject, and vigilance of the emergent cracking techniques.

Sadly mailing list are becoming increasingly useless because of the
phenomenon of answering questions with, oft, irrelevant questions!

It is gratifying, but wholly pointless, that somebody says; "I have no
clue."

It seems entirely reasonable to me to MD5 the raw passwords because it
provides a simple extra layer of defence against a penetrated password
file. Yes, a further layer might be to encrypt the entire disk, but at
what cost? Who knows, I might be running my database on a 486 with slow
old IDE disk drives! No, I don't, but you will take the point.

Since it is clear that nobody knows how to do the MD5 thing out of the
box, or perhaps it's impossible? Maybe I'll resort to reading the code
with a view to doing my own mod. Hum.. probably not though, the code is
evil!

On Mon, 2013-03-25 at 07:50 -0400, Adam Tauno Williams wrote:
> On Mon, 2013-03-25 at 11:40 +0000, Charles Bradshaw wrote: 
> > Yes I understand and accept the weakness of MD5. In the world of
> > exponentially increasing processing power there will always be weakness,
> > of ANY scheme.
> > The question is not however about the efficacy of encryption methods!
> > It's about how to achieve password hashing in a mysql database.
> > I have indicated how to use AES. Its' strength however is compromised by
> > the necessity of revealing the key in many places.
> > I would be most great-full, if anybody KNOWS:
> > Is there a way to store MD5 hashed passwords when using the mysql
> > plugin?
> 
> I have no clue.  BUT I still wonder what the end-goal is.  If you are
> actually worried about theft of the underlying database then it would
> seem volume encryption is the correct answer - encrypt the entire
> database, on disk.  That isn't hard and doesn't require modification of
> any software.
> 
> Anyway, storing essentially clear-text credentials in the authorization
> database (be it a KDC, an LDAP server, an Active Directory server,
> etc...) is normal, accepted, and common.  Most worthwhile authorization
> schemes require an 'effectively' clear-text secret on both ends.  Guard
> the credential database and ensure communication channels are secure
> [encrypted].  "Make /etc/passwd useless" is an abandoned meme, you
> cannot win that fight.
> 
> > Security through obscurity is always a bad principle.  
> 
> No one here is recommending that or stating that it is.
> 
> > On Mon, 2013-03-25 at 08:59 +1030, Daniel O'Connor wrote:
> > > On 25/03/2013, at 7:33, Charles Bradshaw <brad at bradcan.homelinux.com> wrote:
> > > >> That seems very wrong to me.
> > > > It might be a kludge, but it's not wrong. It avoids storing plain text
> > > > passwords, which are always a risk. The purpose of MD5 digest is to make
> > > > passwords truly private to the user. Not even root knows users passwords
> > > > when stored in shadow(MD5).
> > > > The only risk to shadow passwords is a brute force attack which is
> > > > relatively easy to detect and foil.
> > > FYI a single round of MD5 is considered quite weak these days.
> > > The whole point of hashing a password is to make it difficult to find a password if the password DB is leaked. MD5 is no longer sufficient for this (even with salt).
> > > A modern GPU can brute force billions of passwords per second and humans suck at generating them.
>

More information about the Info-cyrus mailing list