Password Encryption

by Chris Byrnes -
Number of replies: 13

I have noticed that the user's password is encrypted in the database. Where do I find the code in Moodle that encrypts and decrypts the data?

The reason I ask is I'm interested to know how this sort of stuff works.

In reply to Chris Byrnes

Re: Password Encryption

by Zbigniew Fiedorowicz -
Technically the password is not encrypted, rather it is hashed.  The hashing algorithm is MD5.  It is supposed to be a secure one-way message digest, but there has been some recent theoretical work indicating it may have some weaknesses.  A good reference is Bruce Schneier's book Applied Cryptography.
In reply to Zbigniew Fiedorowicz

Re: Password Encryption

by Chris Byrnes -

Thank you very much for that information; it was a good read!

If someone could help me understand one aspect:

If the MD5 process is "irreversible", how does Moodle get the password and email back to the user when they have forgotten it?

In reply to Chris Byrnes

Re: Password Encryption

by Hannes Gassert -
It simply doesn't, try yourself.
If you ask Moodle to help you because you lost your password, it will first send you a message in order to identify you and make you confirm the request by clicking a link. After following that link and having reconfirmed your request, you will be sent a new, generated password.

In fact we should think about using another algorithm.. the weakness found in MD5 looks severe indeed. But MD5 is so handy.. any ideas?  
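
The flow described in this reply, as an added example that is not part of the original post and not Moodle's own code: login re-hashes the attempt and compares digests, and a reset replaces the stored digest after a single-use token is confirmed. The table layout and function names are hypothetical; unsalted MD5 is used only because it is the scheme the thread describes.

```python
import hashlib
import hmac
import secrets

# Constructed in-memory tables; names are hypothetical, not Moodle's schema.
users = {}            # username -> hex digest of the password
pending_resets = {}   # reset token -> username


def digest(password: str) -> str:
    # Unsalted MD5, the scheme the thread describes.
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def register(username: str, password: str) -> None:
    users[username] = digest(password)  # only the digest is stored


def login(username: str, password: str) -> bool:
    stored = users.get(username)
    if stored is None:
        return False
    # Re-hash the attempt and compare digests; nothing is ever decrypted.
    return hmac.compare_digest(stored, digest(password))


def request_reset(username: str):
    # Step 1: issue a token that would be e-mailed as a confirmation link.
    if username not in users:
        return None
    token = secrets.token_urlsafe(32)
    pending_resets[token] = username
    return token


def confirm_reset(token: str):
    # Step 2: the link was followed. pop() makes the token single-use.
    username = pending_resets.pop(token, None)
    if username is None:
        return None
    new_password = secrets.token_urlsafe(12)
    users[username] = digest(new_password)  # old digest is overwritten
    return new_password  # would be e-mailed to the user
```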

In reply to Hannes Gassert

Re: Password Encryption

by John Papaioannou -

The "weakness" in MD5 is no weakness at all thus far. By this, I mean that things like "n-round X algorithm has been successfully attacked" don't mean anything for the same algorithm with n+1 rounds. It doesn't bode well, but it also is not condemning. Maybe MD5 will be compromised in the future, as this shows, but there really is no problem right now. Probably even if you are the US Government, not a Moodle installation.

When moving from MD5, the only reasonable alternative right now is SHA-1. "Applied Cryptography" is a very good read on the subject; I bought my paper copy after reading it in PDF.

Jon

In reply to John Papaioannou

Re: Password Encryption

by W Page -
Hi Jon!

Can you provide links to articles and/or websites that would explain to a "layperson",

  • MD5 (and all that "n-round X" and "n+1 rounds" algorithm stuff).
  • SHA-1

Thanks in advance.

WP1

In reply to John Papaioannou

Re: Password Encryption

by Hannes Gassert -
If there are Chinese researchers that find a collision for any given md5 hash in 15 seconds to 5 minutes it _does_ sound bad to my ears indeed.
Bad enough to look for another algorithm for future developments, that's for sure.
Sha1 certainly is an option, but it's not built into older versions of PHP, that's why I was asking.
In reply to Hannes Gassert

Re: Password Encryption

by Martin Dougiamas -
Before panicking about this, let's remember that the md5 password field is not published anywhere at any time. Someone would have to have already cracked their way in to your raw database, in which case they already have access to everything and so md5 is irrelevant.
In reply to Martin Dougiamas

Re: Password Encryption

by Hannes Gassert -
For a simple Moodle installation this is of course correct. But there are other cases, e.g. lots of webapps sending md5 hashes over the net that were calculated on the client side. Then it's another kind of issue, but certainly not one worth panicking about, sure.

In reply to Hannes Gassert

Re: Password Encryption

by Zbigniew Fiedorowicz -
For nontechnical readers, being able to produce collisions means that you can produce pairs of passwords which both have the same MD5 hash.  It does not mean that you can reverse MD5, i.e. given an MD5 hash, you can find a password which hashes to the given hash.

Being able to produce collisions makes a hashing algorithm useless for digital signatures.  For then one can produce two versions of a document, get someone to digitally sign one version, and then apply the digital signature to the other version and get the signature to verify. MD4, a precursor to MD5, was broken in this way some time ago.  The current results on MD5 have not achieved this yet, but are pointing in this direction.

However, to break a hashing  function's usefulness for password encryption, you need to be able to find a way to reverse the hash function.  This is a much harder problem.  Even MD4 would be currently secure for this purpose.
Average of ratings: Useful (1)
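
The distinction drawn in this reply, as an added example that is not part of the original post: on MD5 truncated to 16 bits, a generic search finds a collision (two inputs the searcher chooses) far sooner than an input matching one fixed, given hash. The truncation width, function names and sample strings are assumptions of this demo; it illustrates the generic cost gap only, not the analytic MD5 result the thread discusses.

```python
import hashlib

BITS = 16  # truncation width, chosen so both searches finish quickly


def short_md5(data: bytes) -> int:
    # First BITS bits of the MD5 digest, as an integer.
    full = int.from_bytes(hashlib.md5(data).digest(), "big")
    return full >> (128 - BITS)


def find_collision():
    # Any two distinct inputs with the same short hash.
    # The searcher is free to pick both inputs.
    seen = {}
    i = 0
    while True:
        msg = b"msg-%d" % i
        h = short_md5(msg)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
        i += 1


def find_preimage(target: int):
    # An input matching one fixed, given hash value: this is what
    # reversing a stored password hash would require.
    i = 0
    while True:
        guess = b"guess-%d" % i
        if short_md5(guess) == target:
            return guess, i + 1
        i += 1


if __name__ == "__main__":
    a, b, c_tries = find_collision()
    target = short_md5(b"constructed-stored-password")  # constructed sample
    g, p_tries = find_preimage(target)
    print(f"collision {a!r} / {b!r} after {c_tries} hashes")
    print(f"preimage  {g!r} after {p_tries} hashes")
    print(f"generic cost at {BITS} bits: about 2^{BITS // 2} vs 2^{BITS}")
```

At the full 128-bit width the same gap is roughly 2^64 hashes for a generic collision against 2^128 for a generic preimage.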
In reply to Zbigniew Fiedorowicz

Re: Password Encryption

by Hannes Gassert -
You're right. I was misled by comments on another forum.
Shame on me ;)
In reply to Zbigniew Fiedorowicz

Re: Password Encryption

by Zbigniew Fiedorowicz -
Being able to produce collisions makes a hashing algorithm useless for digital signatures.  For then one can produce two versions of a document, get someone to digitally sign one version, and then apply the digital signature to the other version and get the signature to verify. MD4, a precursor to MD5, was broken in this way some time ago.

Actually even this is an overstatement.  Any practical digital signature system will add a timestamp to the document being signed.  Since the attacker can't predict this in advance, he can't prepare the two versions of the documents having the same hash.
In reply to Hannes Gassert

Re: Password Encryption

by John Papaioannou -

Zig beat me to the correct answer... oh well! :)

WP: I can only recommend the book (which you will LOVE if you like mathematics and/or algorithms, by the way). Our friend Google should help you if you want online material.

In reply to Zbigniew Fiedorowicz

Re: Password Encryption

by Howard Miller -
I've said it before and I'll say it again - Moodle isn't a banking application. If you are truly seriously worried about security you need to do an end-to-end security audit of your systems. I bet you'll find that the MD5 hashing is a long way off being the weak link in the system. Who has the keys to your server room? :)

Anyway, Moodle is a learning system - what data is held on it that is so important?

FWIW - we are very fussy about allowing access to some of our courses because we tell our students that their forum discussions are private, BUT... we also tell them that we don't 100% guarantee it.