I was about to install phpBB3 for forum, but I was strongly discouraged by an IT friend, that phpBB3 is easily crackable and the encrypted passwords are salted, but bruteforceable.

Exactly how strong IS the phpBB3 encryption, and how does somebody reverse it?
I would like to experiment with it first hand by reversing my encrypted passwords and a few example words, so can anyone suggest a decent bruteforcer for it?

There is no such thing as completely reversing a hash, as they are one way functions.

md5(phpbb3) =$H$9eSU8WXrem0xrYBvOxfnWARRpErlYe/ // insidepro

i get 2500 passwords/sec
with simple md5 i get 12000000 hashes/sec
phpbb3 hashes are 4800 times slower to bruteforce than md5 hashes. (on my computer, 3Ghz)

That seems to be a decent improvement from phpbb2s unsalted md5.
How do they achieve it? Is it 4800 times longer to use the phpBB3s hash function on a string than to use md5? Or the bruteforcers are just not optimized for this function?

Anyway, can I ask you what software did you use? I wish to try it out myself.

insidepro's passwordspro

phpBB3's default setting is to do 2049 ((2^11)+1) MD5 hashes per password.

First one is hash = MD5(salt + pw), then all the others are hash = md5(hash + pw). The output of md5() is in binary so 16 bytes "16 characters." So for each hash there are 4 extra adds and you can't reverse more than a few steps on the last MD5. For a plain MD5 hash you only need to do 44 out of 64 steps (I think that's right 64-16-3-2/2) but for this you need to do 2049 full md5s minus a few steps on the last. So theoretically it should be around 2980.4 (2049/(44/64)) times slower. Insidepro's passwordspro might not be using 3x interlaced SSE2 or there's something I'm missing. Anyway since phpBB3 hashes have salts you can only crack one hash at a time so this will be much slower than plain MD5 if you have a bunch of hashes.

phpBB3 hashes are one of the strongest that you'll find it is even better than $1$ hashes which is 1000 MD5s with a salt. Well phpBB3 hashes might have 513 MD5s per hash if the version of PHP is less than 5. Also note that phpBB3 hashes can use (2^n)+1 MD5s where 7 <= n <= 30. So in short your IT friend is misinformed. He probably thinks this because phpBB.com got hacked and their DB got dumped and there were a lot of old password hashes from version 2 that were just unsalted MD5.

Ok, so if an attacker gets your database, he can't really figure out the passwords longer than 6-7 characters (for the next few years at least). That's a relief.

But are there any known vulnerabilities in phpBB3? I mean what kind of attack would you use against it and how would you prevent it?
There are no other CMS installed, just plain html sites, so there is no way to use cross-site scripting (and dumping the config.php to the response, with a badly written php for example)
Sorry for asking it here I know it is not the right forum for it, but the phpBB guys swear that their software is perfect (they said the same about phpbb2 a few years ago, but it turned out to be a little insecure), and I would like to ask people less prejudiced.
I'm seriously considering phpBB for a long term solution, so any remark on the subject would be really helpful.

That's right, but to be sure, force them, on sign up, to have mixalpha-numeric passwords >=7 chars. (it would take a little over 45 years to crack that kind of a hash on my computer) (mixalpha-numeric = [a-z, A-Z, 0-9]), and force them to NOT use words from a dictionary.

Here's a list of common words, passwords etc, first used by an attacker on your hash. You could download from there some of the wordlists and force the users to not use any of the easily crackable passwords, up upon registration.

LE:


Well, there are always new attacks found, but they are patched in like 1-4 days, so it's a good idea to keep your phpbb3 forum up to date, in order to avoid this kind of attacks.
The most common of all, are the SQLi attacks, XSS ... but the code is secure, so there is no thing to worry about. To make sure of it, you could check the entire source and secure it

LE2:


I think the best way to think is the offensive way. So where better to ask a security problem, password related, but on a forum that's specialized with the analysis of password security issues.


If you edit the password policy on registration, force the user to use >6 mixalpha-numeric passwords, if you do this, there is no need to worry about cracked hashes.

LE3:
@2500 passwords / sec
mixalpha-numeric (1) ; loweralpha-numeric (2)
loweralpha-numeric passwords contain only a-z, 0-9.
mixalpha-numeric passwords contain only A-Z,a-z,0-9.

You would need a large dictionary as p@$$w0rd would probably not be in it. If your dictionary is too big some people will find it hard to create a password that they can remember or just give up. Also I don't think many people will try brute forcing these passwords unless they have more resources than they know what to do with like a botnet of 250,000. You do have to worry about this if your database gets dumped as the easiest passwords will be broken in a day or so. Hey did anyone try cracking the phpBB3 hashes when their site got owned? I know I didn't even look at them; I was like "ohh f* that sh*." Also the people with emails of admin@*.* will be targeted more than the others.

Thanks for the answers. They have been really helpful and gave me some useful insight on the subject.

I decided on phpBB. Let me just ask about the phpBB-SEO premod.
Is it compromises the security of phpBB or should I install it? It seems to be a very nice addon to the forum since it solves a lot of seo problems with phpBB, and promises no significant performance loss. I'm considering it if you don't disapprove.

I up the topic.

I have a program to bruteforce the phpbb3 encryption, but witch a core 2 duo, It would take years to decrypt a password length of 7 characters.
However, the Efficiency of CUDA with good graphics card would reduce this period relatively well. Is there already a program in CUDA?

i'm not aware of any program that could do this.

Not that I'm aware of.

It won't help a lot.

Feel like paying someone to write one? I know some coders...