Make WordPress Core

Opened 11 years ago

Closed 9 years ago

#25816 closed enhancement (duplicate)

Use a CSPRNG when generating passwords

Reported by: rmccue's profile rmccue Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Security Keywords:
Focuses: Cc:

Description (last modified by rmccue)

As Solar Designer (the author of the PHPass library that we use) pointed out on Twitter (1, 2), we don't use a CSPRNG in wp_generate_password() (and the underlying wp_rand()). The current implementation of wp_rand() uses mt_rand(), which is the Mersenne Twister PRNG. MT is not cryptographically secure, and Solar Designer also has a seed cracker for it.

We don't always need a CSPRNG, and wp_generate_password() is used for purposes other than passwords too (woo), so switching might not be ideal for everyone using it (since not everyone needs the string for passwords, but might just be for a random token string).

I'd like to propose we introduce wp_csrand() and use it by default in wp_generate_password(). I'd also like to add an extra parameter to wp_generate_password() to allow using mt_rand() instead, for non-cryptographic purposes.

Change History (7)

#1 @rmccue
11 years ago

  • Description modified (diff)

#2 @rmccue
11 years ago

Solar Designer also points out (1, 2, 3) that we have an implementation in PHPass that we can borrow from, as well as this implementation designed for DokuWiki.

#3 @tomdxw
11 years ago

  • Cc tom@… added

#4 @Denis-de-Bernardy
11 years ago

  • Cc ddebernardy@… added

#5 @chriscct7
9 years ago

  • Keywords needs-patch added

#6 @sarciszewski
9 years ago

As of 4.4 this should be resolved by the changesets attached to #28633

#7 @SergeyBiryukov
9 years ago

  • Keywords needs-patch removed
  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate of #28633.

Note: See TracTickets for help on using tickets.