WordPress password storage - security/hash algorithm

sage9

#1

Hi all,

My site is built using Bedrock and Sage9 but this question isn’t strictly related to either. I’m hoping however to tap into the wealth of knowledge here to help me complete a security review that I’ve been asked to do by my client.

In the section entitled ‘Use a strong hash algorithm for passwords storage’ the requirements are listed as follows:

  • MD5 and SHA-1 must not be used.
  • SHA-256 or superior must be used.
  • Each password must be hashed after having been concatenated with a per user random string (of at least 32 characters) which is called salt. It helps making brute-force and rainbow table based attacks much slower.
  • The hash algorithm should be reiterated at least 50 times (PBKDF2 may be used)

I have researched the above in an attempt to check that WordPress conforms with these requirements but I’m not sure, I seem to find conflicting answers. Basically I need to answer ‘yes’ to each of these points, but I have to be sure in what I am saying. Can anyone give me some guidance/assurity that WordPress conforms (with Bedrock and Sage9)?

Many thanks in advance

Kevin


#2

I can’t speak to the others, but WordPress use MD5 hashing on passwords. The Roots team has made a plugin to address this: https://roots.io/plugins/bcrypt-password/

Whether or not WordPress meets the rest of your requirements I don’t know, although I wouldn’t be particularly optimistic. Fortunately, the description of the Roots bcrypt plugin mentions the following:

WordPress did at least one good thing: they made wp_check_password and wp_hash_password pluggable functions. This means we can define these functions in a plugin and “override” the default ones.

So it should be fairly straightforward to write your own password hashing plugin that will meet your requirements.


#3

Thanks for this @alwaysblank, really appreciate it! Doing a bit of reading - https://rietta.com/blog/2016/02/05/bcrypt-not-sha-for-passwords/ - this implies that bcrypt is actually better than SHA-256 which is the base requirement, would you agree?

Kevin


#4

How about Argon2i plus SHA-512 HMAC?