Note: this page is outdated, moin now uses passlib, which has far stronger hashes (e.g. sha512_crypt [this is what we use by default], pbkdf2, bcrypt) than described below.
Password storage
MoinMoin uses password hashing to store user passwords. This protects the passwords even when someone gains direct access to the storage (such as an admin or an intruder).
General considerations about salting
"Salting" a password with random data is necessary to prevent a couple of different attacks. One should append at least 64 bits of random, secret data to a password before hashing it.
If each password is simply hashed, identical passwords will have the same hash. There are two drawbacks to this:
- Due to the birthday paradox, the attacker can find a password very quickly, especially if the number of passwords in the database is large.
- An attacker can use a list of precomputed hashes (as in a rainbow table) to break passwords in seconds.
In order to solve these problems, a salt can be concatenated to the password before the digest operation. A salt is a random string of a fixed bit length. This salt must be different for each stored entry, and must be stored as clear text in the persistence layer. The salt should be kept secret and never be displayed to users.
Moin 1.x
In Moin 1.9 the minimum required Python version was Python 2.4 (in Moin 1.8 it was still at Python 2.3).
SSHA (salted SHA1) password hashing is the default hashing method in Moin 1.9/1.8, using a string of 20 random characters as salt. SHA1 comes from Python's standard library.
In 2005, security flaws were identified in SHA1, namely that a mathematical weakness might exist, indicating that a stronger hash function would be desirable. According to the Hashing article at PythonSecurity.com, a SHA2 hash function with salting is currently the best solution for password storage, but Python 2.4 (2.3) does not offer SHA2 hash functions in its standard library, so Moin 1.9 (1.8) will continue using SHA1.
SHA1 is still a good hash function, but it is no longer recommended for storing security-critical data.
Moin 2.x
In Moin 2.0 the minimum required Python version is 2.6.
SSHA256 (salted SHA256) password hashing was chosen as the default hashing method in Moin 2.x, using a string of 32 random characters as salt. SHA256 comes from Python's standard library.
Password storage implementation
Password hashing is implemented in MoinMoin/user.py. The function encodePassword(pwd, salt=None) encodes a cleartext user password into the internal representation.
This function encodes a password in 5 steps:
- Create random salt string of 32 characters (moin 1.9/1.8: 20 chars)
- Create sha256 hash of user password (moin 1.9/1.8: sha1)
- Update password hash with salt string
- Add plain text salt string to the end of generated hash
- base64 encode hash digest
This encoded password is stored.
User password migration from other systems
Moin wiki supports password migration from other systems (for moin2, this includes migration from moin1 SSHA passwords).
Supported password hashes:
- salted SHA256 (SSHA256) - new in moin2, used by default in moin2
- salted SHA1 (SSHA) - used by default in moin 1.9/1.8
- SHA1 (SHA) - used by older moins
- MD5 - for migration scenarios from other software
- APR - for migration scenarios from other software
- DES - for migration scenarios from other software
Moin can validate a user password against a hash in a supported format. On successful validation, moin2 automatically upgrades the stored password to SSHA256 (moin 1.9/1.8 upgrades to SSHA).
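The five encoding steps and the validate-then-upgrade behaviour described above, as an added Python sketch (not MoinMoin's own code from MoinMoin/user.py). The "{SSHA256}" and "{SSHA}" prefix tags, the function names and the salt alphabet are assumptions of this example, and it covers only the two salted schemes from the list.

```python
import base64
import hashlib
import hmac
import secrets
import string

# Scheme tag -> (hash constructor, digest size in bytes).
# The tag strings are assumptions of this sketch, not taken from the page.
SCHEMES = {"{SSHA256}": (hashlib.sha256, 32), "{SSHA}": (hashlib.sha1, 20)}
DEFAULT = "{SSHA256}"
SALT_ALPHABET = string.ascii_letters + string.digits  # assumed alphabet


def encode_password(pwd, salt=None, scheme=DEFAULT, salt_len=32):
    """Return scheme tag + base64(hash(pwd + salt) + salt)."""
    hash_new, _ = SCHEMES[scheme]
    if salt is None:  # step 1: fresh random salt for every stored entry
        salt = "".join(secrets.choice(SALT_ALPHABET) for _ in range(salt_len))
    h = hash_new(pwd.encode("utf-8"))          # step 2: hash the password
    h.update(salt.encode("ascii"))             # step 3: update hash with salt
    blob = h.digest() + salt.encode("ascii")   # step 4: append plain-text salt
    return scheme + base64.b64encode(blob).decode("ascii")  # step 5: base64


def verify_password(pwd, stored):
    """Return (valid, replacement); replacement is a new hash or None."""
    for scheme, (_, digest_size) in SCHEMES.items():
        if stored.startswith(scheme):
            break
    else:
        return False, None  # unknown format: reject instead of guessing
    try:
        blob = base64.b64decode(stored[len(scheme):], validate=True)
        salt = blob[digest_size:].decode("ascii")  # salt follows the digest
    except ValueError:  # malformed base64 or non-ASCII salt bytes
        return False, None
    candidate = encode_password(pwd, salt=salt, scheme=scheme)
    # Constant-time comparison so timing does not reveal matching prefixes.
    if not hmac.compare_digest(candidate.encode(), stored.encode()):
        return False, None
    # On success, re-hash entries that still use the older scheme.
    return True, (encode_password(pwd) if scheme != DEFAULT else None)
```

The caller stores the second return value in place of the old hash when it is not None; the upgrade can only happen at login, because that is the only moment the cleartext password is available.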