While many operating systems already use salts and key stretching techniques to securely store user passwords, password security is still a sore topic, especially in popular web applications, even though such applications run the greatest risk of being attacked in an attempt to extract user or customer passwords. Sometimes, passwords are even still stored in plain text; and if they do get hashed, it might only be via MD5. Even such popular content management systems as TYPO3 use MD5 without salt or rounds as their default method for hashing user passwords.
The "saltedpasswords" TYPO3 extension promises to increase security by hashing passwords with bcrypt or the phpass security framework; more about that in a moment. However, the extension must first be enabled and configured, which requires installing further extensions and making system adjustments – it's hardly surprising that many operators simply use the default installation.
WordPress and phpBB use the phpass framework by developer Solar Designer – who, incidentally, also develops the John the Ripper password cracker. By default, phpass uses bcrypt. Bcrypt is based on the Blowfish algorithm which is, strictly speaking, an encryption algorithm rather than a hashing algorithm. Bcrypt uses a complex key initialisation algorithm and further encrypts the resulting ciphertext by alternately adding the salt or the password. The number of rounds is a power of 2, and the exponent that is used is added to the beginning of the created string. The usual format of the sequence of characters is
Wedged between dollar signs at the beginning, 2a represents the bcrypt algorithm, while the 08 that follows is the exponent for a power of 2 – 2 to the power of 8 produces the number of rounds: 256. The remaining character string contains the 16-digit salt and the encrypted password.
If the Blowfish algorithm isn't implemented on a system, the phpass framework will automatically fall back to Extended DES and, if necessary, to MD5 with salt and iterations. To prevent the framework from falling back to weak algorithms, the developer recommends using PHP 5.3.2 or later. Blowfish, SHA-256 and SHA-512 are standard PHP components from this version onwards, which means that no further operating system APIs or added libraries are required. Alternatively, the Suhosin PHP security framework will extend the PHP interpreter to include Blowfish.
However, WordPress and phpBB use the weakest of the three possible configurations. When tested on an Ubuntu system, WordPress used the MD5 variant; the CMS deliberately forces this variant to ensure the compatibility of various web applications. WordPress can reportedly use the phpBB user database, and vice versa. The Drupal developers, on the other hand, have adapted the framework for their purposes and started hashing with SHA-512 in Drupal 7. A "Secure Password Hashes" module provides added protection for older versions of Drupal.
The default security of the Joomla CMS isn't as good as it could be, either. While the CMS is capable of using salted SHA-512 with multiple rounds (getCryptedPassword) via the crypt() PHP function, the default setting is a salt and MD5 with one round. Manually adjusting individual CMS installations to use a more secure variant is generally unproblematic. The only caveat is that add-on modules may be incompatible with the changes.
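As an added example (not code from the article or from any of the projects it mentions), the following Python sketch parses the bcrypt string format described above and goes further by classifying the other stored-hash shapes the article discusses, so an operator can audit an exported user table for weak entries. The `$P$`/`$H$` (phpass portable MD5) and `$S$` (Drupal 7) prefixes and the `hash:salt` layout for salted MD5 do not appear in the article and are assumptions about those formats; the function names, the `min_rounds` floor and the sample rows are constructed for illustration.

```python
import re

# Alphabet phpass-style hashes use to encode the log2 iteration count.
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
# bcrypt: $<variant>$<two-digit exponent>$<22-char salt><31-char hash>
BCRYPT = re.compile(r"^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$")
# phpass portable ($P$, $H$) and Drupal 7 ($S$): cost char, 8-char salt, hash
PORTABLE = re.compile(r"^\$([PHS])\$([./0-9A-Za-z])([./0-9A-Za-z]{8})[./0-9A-Za-z]+$")
MD5_SALTED = re.compile(r"^[0-9a-f]{32}:.+$", re.I)  # assumed "hash:salt" layout
MD5_HEX = re.compile(r"^[0-9a-f]{32}$", re.I)

def classify(stored):
    """Return (scheme, rounds, salted) for one stored password string."""
    m = BCRYPT.match(stored)
    if m:
        return ("bcrypt", 2 ** int(m.group(2)), True)
    m = PORTABLE.match(stored)
    if m:
        scheme = "sha512-iterated" if m.group(1) == "S" else "md5-iterated"
        return (scheme, 2 ** ITOA64.index(m.group(2)), True)
    if MD5_SALTED.match(stored):
        return ("md5-salted", 1, True)
    if MD5_HEX.match(stored):
        return ("md5-plain", 1, False)
    return ("unknown", None, None)

def audit(rows, min_rounds=256):
    """List (user, scheme, rounds) for MD5-based, unknown or low-round entries."""
    weak = []
    for user, stored in rows:
        scheme, rounds, _ = classify(stored)
        # min_rounds is an assumed policy floor; 256 mirrors the article's 08 exponent.
        if scheme.startswith("md5") or scheme == "unknown" or rounds < min_rounds:
            weak.append((user, scheme, rounds))
    return weak

# Constructed placeholder strings with the right shape; not real hashes.
SAMPLE = [
    ("alice", "$2a$08$" + "A" * 22 + "B" * 31),
    ("bob", "$P$B" + "s" * 8 + "h" * 22),
    ("carol", "0" * 32),
    ("dave", "$S$D" + "s" * 8 + "h" * 43),
    ("erin", "$2a$04$" + "A" * 22 + "B" * 31),
]

if __name__ == "__main__":
    for entry in audit(SAMPLE):
        print(entry)
```

Round counts are only comparable within one scheme, which is why the audit flags every MD5-based entry regardless of its iteration count and applies the floor to the remaining schemes only.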