Semisecure Login Reimagined

Prior to WordPress 2.5, I’d been using a plugin called Semisecure Login. This plugin would hash your password with one-way md5 when logging in and compare this to your password’s md5 hash on the server side (prior to WordPress 2.5 passwords were stored in the database as md5 hashes). A nonce was thrown in for good measure to help prevent replay attacks. This, effectively, provided a “semisecure” login environment. It obviously wasn’t as secure as using an SSL cert (it wouldn’t prevent session hijacking, etc.) but I liked it.

With the release of WordPress 2.5, passwords are now hashed by phpass before entering the database. Further complicating the matter, phpass salts each password before hashing. This change effectively “breaks” Semisecure Login. Using a plugin, it’s possible to revert to the md5 hashes, and Semisecure Login for WordPress 2.5 takes advantage of this.

On the other hand, I wanted to keep using the new phpass hashes and still provide a semisecure login environment. This thread details the difficulty in making this happen. There didn’t seem to be any way to use one-way hashing, and using standard secret-key encryption was out (for obvious reasons). The only thing that left me with was to try and use public-key encryption.

RSA is a popular public-key algorithm, and I was able to find a few implementations in both JavaScript and PHP. My main criteria in picking which implementation(s) to use were (1) interoperability between JavaScript and PHP, (2) efficiency, speed, and performance and (3) a solution that would work for most shared hosts. I ended up settling on the jsbn library for JavaScript and OpenSSL on the PHP side. Unfortunately, PHP’s built-in openssl functions are rather limited when it comes to generating RSA keypairs, so I had to rely on making calls directly against openssl when generating a keypair. This works great on a Linux server but is currently untested on Windows (although I have a feeling it would work as long as the folder where OpenSSL lives was added to the system path).
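
The public-key flow described above, as an added example that is not the plugin's code: Node.js's built-in `crypto` stands in for both jsbn in the browser and OpenSSL in PHP, scrypt stands in for phpass, and every function name and the `nonce:password` message layout are assumptions. It shows why the server can keep salted hashes: it recovers the password and a one-time nonce from the ciphertext, rejects replays, then runs the usual salted check.

```javascript
// Added example (Node.js built-in crypto); not the plugin's code.
const crypto = require("node:crypto");

// Stand-in for phpass: a per-user random salt plus a slow hash (scrypt here).
function hashPassword(password, salt = crypto.randomBytes(16)) {
  return { salt, hash: crypto.scryptSync(password, salt, 32) };
}

// Server state: long-lived RSA keypair, stored salted hash, outstanding nonces.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const stored = hashPassword("correct horse"); // constructed sample password
const liveNonces = new Set();

// Server: issue a one-time nonce along with the login form.
function issueNonce() {
  const nonce = crypto.randomBytes(16).toString("hex");
  liveNonces.add(nonce);
  return nonce;
}

// Browser side: encrypt nonce + password under the server's public key.
function clientEncrypt(password, nonce) {
  return crypto.publicEncrypt(publicKey, Buffer.from(nonce + ":" + password, "utf8"));
}

// Server: decrypt, consume the nonce, then do the normal salted-hash check.
function serverLogin(ciphertext) {
  let plain;
  try {
    plain = crypto.privateDecrypt(privateKey, ciphertext).toString("utf8");
  } catch {
    return false; // not a valid ciphertext for this key
  }
  const sep = plain.indexOf(":");
  if (sep < 0) return false;
  const nonce = plain.slice(0, sep);
  const password = plain.slice(sep + 1);
  if (!liveNonces.delete(nonce)) return false; // unknown or already used: replay
  const candidate = hashPassword(password, stored.salt).hash;
  return crypto.timingSafeEqual(candidate, stored.hash);
}
```

A captured ciphertext is useless on a second submission because its nonce has already been consumed, which is the replay protection the md5 scheme got from its nonce.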

Download
You can download Semisecure Login Reimagined at its official WordPress page. Additional information, such as installation instructions and changelog, is located there as well.

Requirements

  • WordPress: 2.1 to 2.5.1 (2.5.1 is the latest version at the time of this post)
  • PHP: 4 or 5 (tested as far back as 4.4.6 and up to 5.2.6)
  • OpenSSL (initial keypair generation is handled by direct calls, while decryption is handled by built-in PHP functions)

All tests were performed on various Linux servers. PHP’s program execution functions need to be enabled for the initial keypair generation (safe mode should also be disabled for this). After the keypair is generated, it’s safe to go ahead and re-disable these functions and/or re-enable safe mode. Everyday use of this plugin relies on PHP’s built-in openssl functions.

Update (6/13/08)
As of v1.1.0, keypair generation will work even if safe mode is enabled or the PHP execution functions have been disabled. This alternative keypair generation mode will only work if you’re running PHP 5.2.0 or greater, however.
