Extension:SecurePasswords

What can this extension do?
SecurePasswords is currently the only MediaWiki extension that can provide peace of mind to wiki owners that their wiki accounts are secure. It combines secure password hashes in the bcrypt format (optionally encrypted) with a configurable set of options to enforce when setting new passwords to ensure that user accounts do not fall victim to random password-cracking attempts.

From the front-end, you can enforce security policies on passwords by configuring the $wgValidPasswords variable:
 * Enforce a minimum password length to deter brute force attacks
 * Enforce that passwords need to contain a mixture of lowercase, uppercase, digits, and symbols (or any combination of the four that you see fit)
 * Enforce that the password cannot be the same as the username
 * Enforce that the password cannot be a word or a combination of words in the Dictionary (Requires either the "pspell" or "enchant" extensions for PHP, listed in )
 * Enforce password expiration either globally or on a per-group level (coming in 3.0 but not yet implemented)
 * Enforce a minimum password "strength" and show a strength checker on the password change form (coming in 3.0 but not yet implemented)
 * Enforce that a password was not previously used by that user (coming in 3.0 but not yet implemented)
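
The checks in the list above that are already implemented (length, character classes, username match) can be sketched as follows. This is an added example, not the extension's code: only the 'special' key name appears on this page, so the other keys, the function name and the character class value are hypothetical, and the mbstring extension is assumed.

```php
<?php
// Added example, not SecurePasswords code.
// Hypothetical policy array; only the 'special' key name comes from this page.
$policy = array(
    'minlength' => 8,
    'lowercase' => true,
    'uppercase' => true,
    'digit'     => true,
    'special'   => true,
    'usercheck' => true,
);
// Body of a regex character class, metacharacters escaped with "\" (constructed value).
$specialChars = '!@#$%\^&*()\-_=+\[\]{};:,.<>?';

// Return the names of every rule the candidate password fails (empty array = accepted).
function checkPassword($password, $username, array $policy, $specialChars)
{
    $failures = array();
    // Count characters rather than bytes so multi-byte passwords are measured fairly.
    if (mb_strlen($password, 'UTF-8') < $policy['minlength']) {
        $failures[] = 'minlength';
    }
    $classes = array(
        'lowercase' => '/\p{Ll}/u',
        'uppercase' => '/\p{Lu}/u',
        'digit'     => '/\p{Nd}/u',
        // "~" delimiter, because the class itself may contain "/".
        'special'   => '~[' . $specialChars . ']~u',
    );
    foreach ($classes as $name => $regex) {
        if (!empty($policy[$name]) && !preg_match($regex, $password)) {
            $failures[] = $name;
        }
    }
    // Case-insensitive comparison, so "Alice" does not pass for user "alice".
    if (!empty($policy['usercheck'])
        && mb_strtolower($password, 'UTF-8') === mb_strtolower($username, 'UTF-8')) {
        $failures[] = 'usercheck';
    }
    return $failures;
}

// Constructed inputs: one that breaks several rules, one that satisfies all of them.
print_r(checkPassword('alice', 'Alice', $policy, $specialChars));
print_r(checkPassword('Tr1cky&Long-Enough', 'alice', $policy, $specialChars));
```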

From the back-end, you can rest assured knowing that the hash format in use is bcrypt, which is widely recognized as ideal for password hashing compared to other formats such as SHA or MD5 because it is slow. A slow hash function will not greatly affect you, since you only need to hash each password a couple of times, but it is a great deterrent in the event someone manages to acquire the password hash, as it would take an obscenely long time to test billions of passwords for a match. If that isn't enough, you can optionally encrypt the passwords in the database, so a database leak would not expose your users' passwords.

Prerequisites
The following are required and SecurePasswords cannot run without them:
 * PHP version 5.3.7 or above. Versions lower than this suffer a vulnerability with the bcrypt hashing algorithm.

The following are optional but enable additional features:
 * mcrypt is needed for encrypting password hashes in the database. If you are upgrading from an earlier version of SecurePasswords (version 1 or 2), this extension as well as and zlib are required instead.
 * pspell or enchant are needed for checking passwords against dictionary words or your own supplied wordlist.

Installation
To install this extension, unpack the extension to /extensions (it should create a new directory called SecurePasswords).

Then, execute the securepasswords.sql file either via the sql.php maintenance script or directly in MySQL (be sure to add the correct prefix to the tables if doing the latter). This will expand the password fields in the user table to allow more characters to be stored in them (otherwise most of the hashes will be truncated, which means your users will not be able to log in).

Finally, add the following near the end of your LocalSettings.php file:

Configuration parameters
$wgValidPasswords is an associative array of what to check for when validating new passwords. The default values and descriptions are below:

$wgSecurePasswordsSpecialChars is a character class of special characters checked for if 'special' is true in $wgValidPasswords. Characters that have special meanings in regular expressions must be escaped with "\". The default value is below:

$wgSecurePasswordRounds is the number of rounds used in the bcrypt hash algorithm. Allowed values are integers 1-31 (inclusive). The default of 10 should be sufficient, but you can also enable $wgSecurePasswordsAutoRounds to dynamically increase it if 10 is found to be hashing passwords too quickly. If that is enabled, a benchmark will be run whenever a new hash has to be generated (e.g. during user creation) to determine how many rounds result in a runtime of at least half a second (configurable via $wgSecurePasswordsAutoRoundsThreshold).
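
A benchmark of the kind described above, together with what raising the rounds means for hashes already stored, as an added example that is not SecurePasswords code. It assumes PHP 5.5+ for password_hash(); the function names, the search cap of 16 and the sample password are hypothetical.

```php
<?php
// Added example, not SecurePasswords code. Requires PHP 5.5+ (password_hash).

// Return the lowest bcrypt cost, from $startCost up, whose single-hash runtime
// is at least $threshold seconds. $maxCost bounds the search so a large
// threshold cannot stall the request that triggers the benchmark.
function findBcryptCost($threshold = 0.5, $startCost = 10, $maxCost = 16)
{
    for ($cost = $startCost; $cost < $maxCost; $cost++) {
        $start = microtime(true);
        password_hash('benchmark-only', PASSWORD_BCRYPT, array('cost' => $cost));
        if (microtime(true) - $start >= $threshold) {
            break;
        }
    }
    return $cost;
}

// Verify a login and, if the stored hash was made with a different cost than
// the current target, return a replacement hash to write back to the database.
// Returns false on a wrong password, otherwise the hash that should be stored.
function verifyAndUpgrade($password, $storedHash, $targetCost)
{
    if (!password_verify($password, $storedHash)) {
        return false;
    }
    $options = array('cost' => $targetCost);
    if (password_needs_rehash($storedHash, PASSWORD_BCRYPT, $options)) {
        return password_hash($password, PASSWORD_BCRYPT, $options);
    }
    return $storedHash;
}

// Constructed demo: a hash created at cost 10 is upgraded at the next login.
$targetCost = findBcryptCost();   // each step doubles the work, so cache this value
$oldHash    = password_hash('constructed-sample-pw', PASSWORD_BCRYPT, array('cost' => 10));
$newHash    = verifyAndUpgrade('constructed-sample-pw', $oldHash, $targetCost);

// The cost is embedded in the hash prefix ("$2y$10$..."), which is why old
// hashes keep verifying after the target changes.
echo substr($oldHash, 0, 7), ' -> ', substr($newHash, 0, 7), PHP_EOL;
```

Because every extra round doubles the hashing time, running the benchmark on each account creation adds measurable CPU load; storing the result and re-measuring only after a hardware change avoids that.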

$wgSecurePasswordsExpiry is used to determine when passwords expire. This feature does not yet exist, and this section will be expanded once more information is known.

$wgSecurePasswordsEncryptPasswords specifies whether or not to encrypt the passwords in the database in addition to hashing them. If this is set, you must define $wgSecurePasswordsSecretKey to some random value to use as the encryption key. Ideally, this key would be found in a file include'd from LocalSettings.php that is not in any web accessible directory and is only readable by the web user. Changing this key will cause all previously encrypted passwords to become invalid -- the 3.0 release will include a maintenance script to safely decrypt all password hashes in the database so that you may change this value, but at this time that maintenance script does not exist.
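
The arrangement described above (a key kept in a protected file, hashes encrypted before storage, and records that become unreadable when the key changes) looks like this in an added example that is not the extension's code. It swaps mcrypt for AES-256-GCM through the openssl extension (PHP 7.1+) and assumes POSIX file permissions; the function names, key file format and sample password are hypothetical.

```php
<?php
// Added example, not SecurePasswords code. AES-256-GCM via openssl (PHP 7.1+)
// stands in for mcrypt; POSIX file permissions are assumed.

function loadKey($path)
{
    // Refuse a key file that group or other users can access.
    if ((fileperms($path) & 0077) !== 0) {
        throw new RuntimeException("key file permissions too broad: $path");
    }
    $key = base64_decode(trim(file_get_contents($path)), true);
    if ($key === false || strlen($key) !== 32) {
        throw new RuntimeException('expected a base64-encoded 32-byte key');
    }
    return $key;
}

function encryptHash($bcryptHash, $key)
{
    $iv = random_bytes(12); // fresh nonce for every stored record
    $ct = openssl_encrypt($bcryptHash, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    return base64_encode($iv . $tag . $ct);
}

// Returns the bcrypt hash, or false when the key is wrong or the record was altered.
function decryptHash($stored, $key)
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) <= 28) {
        return false;
    }
    return openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key,
        OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
}

// Constructed demo; a real key file lives outside any web-accessible directory.
$keyFile = tempnam(sys_get_temp_dir(), 'spkey');
file_put_contents($keyFile, base64_encode(random_bytes(32)));
chmod($keyFile, 0600);
$key    = loadKey($keyFile);
$stored = encryptHash(password_hash('constructed-sample-pw', PASSWORD_BCRYPT), $key);

var_dump(password_verify('constructed-sample-pw', decryptHash($stored, $key)));
// A different key cannot decrypt existing records, which is the key-change caveat.
var_dump(decryptHash($stored, random_bytes(32)));
unlink($keyFile);
```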

$wgSecurePasswordsMigrateOnLogin controls whether users whose password hashes are not in the most recent SecurePasswords format are migrated to that format when they log in, or only when they change their password. This has not yet been implemented, and currently only changing one's password will migrate the hash format.

$wgSecurePasswordsStrengthTuning allows one to control the strength checker. This feature does not exist yet, and will be documented once it does.

$wgSecurePasswordsAdditionalDictionary specifies an optional filename to check in addition to the normal dictionaries if word checking is enabled. This could be used, for example, to specify a dictionary of common passwords (such as the one that ships with John the Ripper) that is checked whenever a user attempts to set their password. The file format varies depending on if you are using pspell or enchant to check against the dictionary (if both are installed, pspell is used). For pspell, use the file format described here (a header line, and then one word per line). For enchant, simply have one word per line without any special header.

Old parameters
These configuration parameters only take effect if you are upgrading from an older version of SecurePasswords. If you are doing a fresh installation, do not configure these; leave them at the default. Certain backwards-compatibility features will be turned on if these are configured.

$wgSecurePasswordsSecretKeys is an array of three secret keys to be used when hashing passwords. These keys, once set, should never be changed and should never be shared with anyone, as they are used when hashing and encrypting the password hashes. An example value is below:

$wgSecurePasswordSpecialChars (typo of $wgSecurePasswordsSpecialChars) is retained for backwards compatibility. If specified, its value will overwrite that of the correctly-spelled $wgSecurePasswordsSpecialChars.

Caveats

 * The message override to explain the restrictions is an utter hack. As such, changes you make to MediaWiki:Securepasswords-password might or might not work (I'm not entirely sure).
 * Changing $wgSecurePasswordsSecretKeys (for installations upgrading from version 1 or 2) after it has been set up will render every old hash using the old secret keys useless, so don't change the keys unless you absolutely must.

Changelog

 * Version 3.0beta1: Major overhaul. Now uses bcrypt and supports enchant. Certain features (migrating hashes on login, strength checking, expiration, password history) are not yet implemented.
 * Version 2.0: Refactor code to no longer depend on $wgSecretKey. In addition, the dependencies on mcrypt and zlib are now required, and only strong hash types (in hmac format) are used to hash passwords. Backwards-compatibility with version 1.x maintained. Now beta.
 * Version 1.1: Removed the 'maxlength' parameter to $wgValidPasswords, moved the special characters into a global, overrides the default "Invalid password" message with a custom one explaining the restrictions (albeit in an utterly-hacked way).
 * Version 1.0: Initial version. Experimental.