Extension:SecurePasswords

What can this extension do?
SecurePasswords is currently the only MediaWiki extension that can provide peace of mind to wiki owners that their wiki accounts are secure. It combines secure, uncrackable password hashes with a configurable set of options to enforce when setting new passwords to ensure that user accounts do not fall victim to random password-cracking attempts.

From the front-end, you can enforce security policies on passwords by configuring the $wgValidPasswords variable:
 * Enforce a minimum password length to deter brute force attacks
 * Enforce that passwords need to contain a mixture of lowercase, uppercase, digits, and symbols (or any combination of the four that you see fit)
 * Enforce that the password cannot be the same as the username
 * Enforce that the password cannot be a word or a combination of words in the Dictionary
 * And many more features, including password expiration, coming soon
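As an added example, not the extension's own code, here is a stand-alone PHP validator that implements the checks listed above. The $wgValidPasswords keys other than 'special' (the one the page names), the special-character class and the function name are assumptions.

```php
<?php
// Added example, not the extension's own code: a stand-alone validator that
// implements the $wgValidPasswords checks listed on this page. Every array key
// except 'special' (which the page names), the special-character class and the
// function name are assumptions.

$wgValidPasswords = [
    'minlength' => 8,     // assumed key: minimum length, to deter brute force
    'lowercase' => true,  // assumed key: require at least one a-z
    'uppercase' => true,  // assumed key: require at least one A-Z
    'digit'     => true,  // assumed key: require at least one 0-9
    'special'   => true,  // key named on the page: require a special character
    'username'  => true,  // assumed key: reject a password equal to the username
    'word'      => true,  // assumed key: reject dictionary words (needs pspell)
];

// Assumed character class; regex metacharacters are escaped with "\" as the page requires.
$wgSecurePasswordsSpecialChars = '!@#\$%\^&\*\(\)_\+\-=\[\]';

// Returns an empty array when $password passes every enabled rule,
// otherwise the names of the rules it failed.
function securePasswordsValidate( $password, $username, array $rules, $specialChars ) {
    $failed = [];
    if ( isset( $rules['minlength'] ) && strlen( $password ) < $rules['minlength'] ) {
        $failed[] = 'minlength';
    }
    foreach ( [ 'lowercase' => '/[a-z]/', 'uppercase' => '/[A-Z]/',
                'digit' => '/[0-9]/', 'special' => "/[$specialChars]/" ] as $rule => $re ) {
        if ( !empty( $rules[$rule] ) && !preg_match( $re, $password ) ) {
            $failed[] = $rule;
        }
    }
    // Case-insensitive, so "Admin" for user "admin" is rejected too.
    if ( !empty( $rules['username'] ) && strcasecmp( $password, $username ) === 0 ) {
        $failed[] = 'username';
    }
    // Single-word dictionary check, skipped when pspell is absent (the page lists it as optional).
    if ( !empty( $rules['word'] ) && function_exists( 'pspell_new' ) ) {
        $dict = pspell_new( 'en' );
        if ( $dict && pspell_check( $dict, $password ) ) {
            $failed[] = 'word';
        }
    }
    return $failed;
}

// "Admin" as the password for user "admin" fails at least minlength, digit, special and username.
print_r( securePasswordsValidate( 'Admin', 'admin', $wgValidPasswords, $wgSecurePasswordsSpecialChars ) );
```

The validator checks each rule independently so the login form can tell the user every requirement the password missed, not just the first.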

From the back-end, you can rest assured knowing that only hashing algorithms that have not been broken, or that would require an infeasible amount of effort to break, are used to hash the passwords. To ensure extra security, the hashes use the HMAC format, which requires a secret key in order to replicate or crack the hash. To top it off, SecurePasswords hashes the password not once, but twice, using yet another secure hash in HMAC format (both hashes are chosen at random but guaranteed to be secure, and each uses a different secret key). Then, the hash is encrypted using yet another secret key before finally being stored in the database in binary format. For those keeping track, that's over five layers of security governing the password hash stored in the database, which ensures that even in the event of a database leak, there is no way that an attacker can steal someone's credentials on the wiki.

Prerequisites
Before installing this extension, make sure that the following PHP extensions are installed. This extension will not work without them:
 * mcrypt
 * zlib

In addition, it is recommended that you install the following PHP extension in order to enable additional functionality (although it is not required):
 * pspell - allows checking passwords against a dictionary

Installation
To install this extension, unpack the extension to /extensions (it should create a new directory called SecurePasswords).

Then, execute the securepasswords.sql file either via the sql.php maintenance script or directly in MySQL (be sure to add the correct table prefix if doing the latter). This expands the password fields in the user table so that longer values can be stored in them (otherwise most of the hashes will be truncated, which means your users will not be able to log in).

Finally, add the following near the end of your LocalSettings.php file:

Configuration parameters
$wgValidPasswords is an associative array of what to check for when validating new passwords. The default values and descriptions are below:

$wgSecurePasswordsSpecialChars is a character class of special characters checked for if 'special' is true in $wgValidPasswords. Characters that have special meanings in regular expressions must be escaped with "\". The default value is below:

$wgSecurePasswordsSecretKeys is an array of three secret keys to be used when hashing passwords. These keys, once set, should never be changed and should never be shared with anyone, as they are used when hashing and encrypting the password hashes. An example value is below:

Caveats

 * Passwords hashed without this extension and current passwords that do not meet the strength criteria will still work, but this extension will make no effort to contact these users to change their passwords to take advantage of the new security.
 * The message override to explain the restrictions is an utter hack. As such, changes you make to MediaWiki:Securepasswords-password might or might not work (I'm not entirely sure).
 * Changing $wgSecurePasswordsSecretKeys after it has been set up will render every old hash using the old secret keys useless, so don't change the keys unless you absolutely must.

Changelog

 * Version 2.0: Refactored the code to no longer depend on $wgSecretKey. In addition, mcrypt and zlib are now required dependencies, and only strong hash types (in HMAC format) are used to hash passwords. Backwards compatibility with version 1.x is maintained. Now beta.
 * Version 1.1: Removed the 'maxlength' parameter from $wgValidPasswords, moved the special characters into a global, and overrode the default "Invalid password" message with a custom one explaining the restrictions (albeit in an utterly hacked way).
 * Version 1.0: Initial version. Experimental.