This weakness in hashing overall determines how quickly an attacker can get through the password database to steal details or guess the passwords during the login attempt.
In this list of nice, researchers found out systems like Joomla, Zurmo, OrangeHRM, SilverStripe, Elgg, XOOPS, e107, NodeBB, Concrete5, phpBB, Vanilla Forums, Ushahidi, Lime Survey, Mahara, Mibew, vBulletin, OpenCart, PrestaShop, and Moodle. Whereas, on the other side the most secure CMS systems from a hashing perspective were protected with bcrypt - a password hashing function that is resistant to GPU-based parallel computing cracks. The list included big names like X3cms 0.5.3, GetSimple, MiniBB 3.2.2, and Phorum. Some of the systems under consideration had wMD5 or SHA-1 on it, but they were still at risk by not using salt or iterations. Also read: All You Need to Know About Ethical Hacking (infographic).If the number of iterations are more, it then becomes a bit difficult for password cracking computers to develop password matches at a rapid pace. Each of these rounds in which hash gets mixed with salt is called iteration.
Hashing function gets mixed with salt over and over again to make the password secure and process computationally expensive. It is a random string of data that is based on different hashes for similar passwords. This leads us to another important aspect of hashing the passwords - salt. Moreover, sites which had loose password policies and not salt, there were random hash iterations as well. The graphical processing units, which eventually divides the processing power to the many processing cores, can also be targeted. The worst thing is that collision attacks aren’t the only danger to hashing functionality. with GetSimple CMS, Redmine, Collabtive, PunBB, Pligg, and Omeka. While a further 12.2% of them used SHA-1. This list included osCommerce, SuiteCRM, WordPress, X3cms, SugarCRM, CMS Made simple, MantisBT, Simple Machines, miniBB, Phorum, MyBB, Observium, and Composr. In the final results, it was proven that 26.5% of them used MD5. The team looked at 49 content management systems and 47 web application frameworks. On the other hand, SHA-1 was considered to be a genius replacement of MD5 but only till the time it became totally obsolete. Doing so would make sure that no two passwords produce the same digest but that happened with the first successful collision attack against MD5 was carried out in 1996 and how MD5 collisions are now more common. An effective hashing function is supposed to generate a unique digest for every different input by the user. The researchers found out that MD5 and SHA-1 has always been the main culprit behind this weakness. Going into the depth of the detail they explained that not all hashing functions can work equally well.
The research has been done by three researchers from the Department of Digital Systems at the University of Piraeus in Greece who thoroughly tested a number of CMS, just to ensure how well such systems hashed the passwords.įor those of you who are still new to hashing the passwords, it is basically a mathematical function that converts your password into a code. So, while safeguarding the content with impeccable security standards is a necessity, a latest study has discovered that the most popular content management systems (CMS) on the web are actually protecting the passwords of their users with insecure algorithms. It is safe to say that the world of internet is literally nothing without the content that we find on it in our everyday life.
0 kommentar(er)
