Re: WineHQ database compromise

On Oct 12, 2011, at 5:58 AM, Jeremy White wrote:

> The current form of that is a fairly complex salted SHA-256 string.  However,
> that started in bugzilla version 4, which was released only this year.
> 
> For passwords encrypted in bugzilla prior to that, a simple crypt() was used.
> I haven't yet looked at the bugzilla code to determine if it was salted or not,
> or exactly how that crypt() was called.  The encrypted text is roughly the same
> length as a 64 bit DES encryption.
> 
> The appdb uses the sha1() mysql function which is a straight forward sha1sum.
> 
> I won't claim to be a cryptography expert, as I'm not.  My back of the envelope
> analysis is that if you have a moderately complex password, you will likely
> be safe from any straight forward attempts to crack your password.  You may still
> be at risk to an extended brute force attack.  But here my ignorance kicks in;
> I don't know where the curve of password length + complexity matches the curve
> of 'time required to brute force an sha1'.

I'm not a cryptographer either, but note that SHA-1 is used by Git and others for its speed.  For hashing passwords, this is a bug, not a feature -- checking passwords should be slow rather than quick.  One hash function designed for passwords is bcrypt().

Josh
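Added example (not part of the original thread, nor code from WineHQ, Bugzilla or the appdb): it illustrates the two points made above, that an unsalted MySQL-style SHA1() lets one hash computation per candidate word be checked against every account at once, and that a salted, deliberately slow password hash forces separate work per account. PBKDF2-HMAC-SHA256 from Python's standard hashlib is used as the slow, salted stand-in for bcrypt(), which is not in the standard library. The user names, passwords, wordlist and iteration count are constructed for the demo.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for the demo; tune per deployment


def mysql_sha1(password: str) -> str:
    """Mimic MySQL's SHA1(): unsalted SHA-1 of the password as 40 lowercase hex chars."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


# Constructed sample "appdb"-style user table storing unsalted SHA-1 digests.
USERS_SHA1 = {
    "alice": mysql_sha1("wine2011"),
    "bob":   mysql_sha1("password"),
    "carol": mysql_sha1("7r!vZq#Lp9wE"),  # not in the wordlist
    "dave":  mysql_sha1("password"),      # same password as bob -> identical hash
}

# Constructed wordlist; a real attack would use millions of entries.
WORDLIST = ["123456", "password", "letmein", "wine2011", "qwerty"]


def crack_unsalted_sha1(stored: dict, wordlist) -> tuple:
    """Build a reverse table once and look every account up in it.
    Without a salt, identical passwords give identical hashes, so the
    cost is one SHA-1 per candidate word regardless of the user count."""
    lookup = {}
    hash_ops = 0
    for word in wordlist:
        lookup[mysql_sha1(word)] = word
        hash_ops += 1
    found = {user: lookup[h] for user, h in stored.items() if h in lookup}
    return found, hash_ops


def make_salted_record(password: str, salt: bytes = None) -> str:
    """Salted, slow hash: 'pbkdf2_sha256$<iters>$<salt hex>$<dk hex>'.
    A fresh random 16-byte salt per record defeats shared lookup tables."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_salted_record(record: str, password: str) -> bool:
    """Recompute with the stored salt and iteration count; constant-time compare."""
    _algo, iters, salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


# Same constructed users, now stored with per-user salts and a slow hash.
USERS_SALTED = {
    "alice": make_salted_record("wine2011"),
    "bob":   make_salted_record("password"),
    "carol": make_salted_record("7r!vZq#Lp9wE"),
    "dave":  make_salted_record("password"),
}


def crack_salted(stored: dict, wordlist) -> tuple:
    """With per-user salts each candidate must be hashed once per account,
    and each hash costs ITERATIONS HMAC rounds instead of one SHA-1."""
    found = {}
    hash_ops = 0
    for user, record in stored.items():
        for word in wordlist:
            hash_ops += 1
            if verify_salted_record(record, word):
                found[user] = word
                break
    return found, hash_ops


if __name__ == "__main__":
    found, ops = crack_unsalted_sha1(USERS_SHA1, WORDLIST)
    print(f"unsalted SHA-1: recovered {found} with {ops} hash operations")
    found, ops = crack_salted(USERS_SALTED, WORDLIST)
    print(f"salted PBKDF2:  recovered {found} with {ops} hash operations "
          f"(each {ITERATIONS}x slower)")
```

Note that the wordlist still recovers alice, bob and dave under the salted scheme; salting and slowness only raise the attacker's cost per guess, they do not rescue a password that appears in a common wordlist. carol survives both runs because her password is not in the list, which is the "moderately complex password" case from the reply above.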
