Some questions to the HL2.net Gods...

99.vikram (Tank; joined Apr 15, 2006; 4,321 messages; 8 reaction score)
With the recent spate of hacking incidents across the internet, I thought it was important that we have some info on how safe our credentials are here. So without further ado...

1. Are passwords stored in plaintext?

2. Do you use hashing algorithms like SHA, or key derivation methods like bcrypt or PBKDF2?

3. In case the answer to 2 is hashing (oh please don't let it be..) do you use per user salts?

Again, I'm not implying that you're dunderheads; it's just something I've been worried about recently, with all the accounts I have across various sites and online services.
 
Paging StarMonkey...
 
Use different passwords for the different services you use.
 
Like I said before, we don't store any of the passwords online. We have them written on post-it notes which we manually check each time someone logs in to authorise your access.
 
Like I said before, we don't store any of the passwords online. We have them written on post-it notes which we manually check each time someone logs in to authorise your access.

Is mine still "I love glenn 1234"? I've forgotten!
 
It's probably whatever vBulletin does by default. My lazy search found:

$password_hash = md5(md5($password_text) . $user_salt);

Although it has to magically work with WordPress. One may wonder...
 
Don't worry guys, I just hacked into the database (surprisingly easy) and downloaded all your unencrypted passwords. At least now, if someone does gain access and change your passwords, I'll be able to restore from the backup.
 
It's probably whatever vBulletin does by default. My lazy search found:

$password_hash = md5(md5($password_text) . $user_salt);

Although it has to magically work with WordPress. One may wonder...

While I'll give you that it isn't the worst case, i.e. plaintext, that's pretty bad. MD5 is a hashing algorithm, designed on purpose to be as fast as possible. A hash is intended as a signature (e.g. for a file) and NOT as a security measure. There is a separate class of encryption algorithms. It's nice that you added a salt, but Rainbow Table attacks haven't been in vogue for a while now, since anyone with some dollars to spare can rent a GPU cluster and deploy massive parallelism (via CUDA, OpenCL) to brute-force passwords that are simply hashed. As this article explains:

A modern server can calculate the MD5 hash of about 330MB every second. If your users have passwords which are lowercase, alphanumeric, and 6 characters long, you can try every single possible password of that size in around 40 seconds.
...
If you're willing to spend about 2,000 USD and a week or two picking up CUDA, you can put together your own little supercomputer cluster which will let you try around 700,000,000 passwords a second. At that rate you'll be cracking those passwords at the rate of more than one per second.

Note that people rent these clusters for much lower prices.

Further corroboration by Wikipedia:

The security of the MD5 hash function is severely compromised. A collision attack exists that can find collisions within seconds on a computer with a 2.6 GHz Pentium 4 processor (complexity of 2^24.1).[18] Further, there is also a chosen-prefix collision attack that can produce a collision for two chosen arbitrarily different inputs within hours, using off-the-shelf computing hardware (complexity 2^39).[19] The ability to find collisions has been greatly aided by the use of off-the-shelf GPUs. On an NVIDIA GeForce 8400GS graphics processor, 16-18 million hashes per second can be computed. An NVIDIA GeForce 8800 Ultra can calculate more than 200 million hashes per second.[20]

Solution? Like the linked article explains, use bcrypt or PBKDF2, which are designed to be not only an order of magnitude slower, but also scalable, i.e. if computers get 10x faster in the next 3 years, you can simply adjust a number ("work factor") to slow the process down and get your security up to speed. It makes brute-force attacks impossible in reasonable timeframes.

I think the code change is trivial, but is it worth moving all the passwords over to a new DB? I can't say. While HL2.net is not a likely target right now, a large percentage of users likely use the same passwords for their Google or FB accounts, or in cases of extreme stupidity, for their Visa/Mastercard/PayPal. If MD5 is your only protection, which is to say none at all, it is inadvisable to use the same password for other services.

For more informed opinions see this thread: http://news.ycombinator.com/item?id=2004833
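To make the two posts above concrete, here is an added example (not code from the thread, from vBulletin or from HL2.net): it implements the quoted legacy scheme md5(md5($password) . $salt) only so that existing accounts can still be verified, and shows how a site can migrate each account to PBKDF2 with a stored, adjustable work factor on its next successful login, which answers the "is it worth moving all the passwords over" question without ever needing the plaintext up front. The record formats, the iteration count and the sample account are constructed for the example.

```python
"""Verify the legacy vBulletin-style hash and upgrade accounts to PBKDF2 on login.

Added example; the record layout ({"scheme": ..., "hash": ..., "salt": ...}),
the iteration count and the sample account below are assumptions made for
this illustration, not anything the forum software actually uses.
"""
import base64
import hashlib
import hmac
import os
from typing import Optional

# Work factor. The thread's point: raise this as hardware speeds up. Because the
# value is stored beside every hash, old records keep verifying and are simply
# re-hashed at the higher cost the next time their owner logs in.
PBKDF2_ITERATIONS = 200_000
PBKDF2_PREFIX = "pbkdf2_sha256"


def vbulletin_hash(password: str, salt: str) -> str:
    """Legacy scheme quoted in the thread: md5(md5($password) . $salt)."""
    inner = hashlib.md5(password.encode("utf-8")).hexdigest()
    return hashlib.md5((inner + salt).encode("utf-8")).hexdigest()


def pbkdf2_hash(password: str, iterations: int = PBKDF2_ITERATIONS,
                salt: Optional[bytes] = None) -> str:
    """Self-describing record: algorithm$iterations$salt$derived_key (all text)."""
    if salt is None:
        salt = os.urandom(16)  # fresh random per-user salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)
    return "$".join([PBKDF2_PREFIX, str(iterations),
                     base64.b64encode(salt).decode("ascii"),
                     base64.b64encode(dk).decode("ascii")])


def verify_pbkdf2(password: str, stored: str) -> bool:
    """Re-derive with the iteration count and salt stored in the record."""
    algo, iters, salt_b64, dk_b64 = stored.split("$")
    if algo != PBKDF2_PREFIX:
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(dk_b64)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                             int(iters), dklen=len(expected))
    # Constant-time comparison so response timing does not reveal matching prefixes.
    return hmac.compare_digest(dk, expected)


def login(record: dict, password: str) -> tuple:
    """Check a password against a user record; return (ok, record_to_store).

    Legacy records ({"scheme": "vb_md5", "hash": hex, "salt": str}) that verify
    are rewritten as PBKDF2 records ({"scheme": "pbkdf2", "hash": str}) on the
    spot. PBKDF2 records with a lower work factor than the current one are
    re-hashed at the current cost. Failed logins leave the record untouched.
    """
    if record["scheme"] == "vb_md5":
        candidate = vbulletin_hash(password, record["salt"])
        if not hmac.compare_digest(candidate, record["hash"]):
            return False, record
        return True, {"scheme": "pbkdf2", "hash": pbkdf2_hash(password)}
    if record["scheme"] == "pbkdf2":
        ok = verify_pbkdf2(password, record["hash"])
        if ok and int(record["hash"].split("$")[1]) < PBKDF2_ITERATIONS:
            record = {"scheme": "pbkdf2", "hash": pbkdf2_hash(password)}
        return ok, record
    raise ValueError("unknown password scheme: %r" % record["scheme"])


if __name__ == "__main__":
    # Constructed sample account stored the legacy way.
    legacy = {"scheme": "vb_md5", "salt": "aZ9",
              "hash": vbulletin_hash("correct horse", "aZ9")}
    ok, upgraded = login(legacy, "correct horse")
    print(ok, upgraded["scheme"])        # True pbkdf2
    print(login(upgraded, "wrong")[0])   # False
```

Once every account has logged in at least once, the legacy branch can be deleted; accounts that never come back can be forced through a password reset instead, since their old hashes cannot be converted without the plaintext.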
 