Manual:Hashing

From MediaWiki.org

Certain fields, parameters and variables are hashed in MediaWiki. Some of them use cryptographically broken functions such as MD5 and SHA-1. However, only one, user_password, has important security implications, and that field's security is enhanced by means of a password salt.

For the negative security implications of SHA-1, see task T158986, where we track the migration to other hash functions, if needed.

Database fields

| Table | Field | Purpose |
| --- | --- | --- |
| archive | ar_sha1 | copy of revision.rev_sha1 |
| bot_passwords | bp_password | for comparison of passwords (not md5/sha1 by default) |
| filearchive | fa_storage_key | addressing / unique index - danger of collisions |
| filearchive | fa_sha1 | copy of oldimage.oi_sha1 |
| image | img_sha1 | advisory lookup of duplicate files - danger of collisions |
| job | job_sha1 | |
| oldimage | oi_sha1 | copy of image.img_sha1 |
| revision | rev_sha1 | advisory for tools to discover duplicate content - some danger of collisions, but less likely in practice |
| uploadstash | us_sha1 | seems unused, probably exists because all the other image-related tables have it |
| user | user_password | for comparison of passwords (not md5/sha1 by default) |

API Parameters

| Location | Parameter | Purpose |
| --- | --- | --- |
| action=edit | md5= | Hash of the new text by the client to verify the text is not corrupted when the server receives it. |
| prop=deletedrevisions | drvprop=sha1 | Request the return of the revision's sha1 hash (ar_sha1, I believe) |
| prop=imageinfo | iiprop=sha1 | Request the return of the file's sha1 hash (img_sha1, oi_sha1, or fa_sha1, I believe) |
| prop=revisions | rvprop=sha1 | Request the return of the revision's sha1 hash (rev_sha1) |
| prop=stashimageinfo | siiprop=sha1 | Request the return of the stashed file's sha1 hash |
| list=alldeletedrevisions | adrprop=sha1 | Request the return of each revision's sha1 hash (ar_sha1, I believe) |
| list=allimages | aiprop=sha1 | Request the return of the file's sha1 hash (img_sha1, oi_sha1, or fa_sha1, I believe) |
| list=allimages | aisha1= | Query against database field img_sha1 |
| list=allimages | aisha1base36= | Query against database field img_sha1 |
| list=allrevisions | arvprop=sha1 | Request the return of each revision's sha1 hash (rev_sha1, I believe) |
| prop=revisions | drprop=sha1 | Request the return of database field rev_sha1 |
| list=filearchive | fasha1= | Query against database field fa_sha1 |
| list=filearchive | fasha1base36= | Query against database field fa_sha1 |
| list=filearchive | faprop=sha1 | Request the return of the file's sha1 hash (fa_sha1, I believe) |
| list=recentchanges | rcprop=sha1 | Request the return of each revision's sha1 hash (rev_sha1, I believe) |
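
The hash parameters in the tables above, as an added example that is not MediaWiki's own code: it converts a hex SHA-1 (as for aisha1=) to the base-36 form (as for aisha1base36=), computes the md5= value for action=edit, and uses a SHA-1 match only to shortlist duplicate files before confirming with SHA-256. It assumes base-36 digests are zero-padded to 31 characters and that md5= covers the UTF-8 bytes of the text; the function names and sample files are constructed for illustration.

```python
import hashlib
import string

B36 = string.digits + string.ascii_lowercase  # digits of the base-36 alphabet


def hex_to_base36(hex_digest: str, width: int = 31) -> str:
    """Convert a hex SHA-1 (aisha1=) to its base-36 form (aisha1base36=).
    Assumption: base-36 values are left-padded with zeros to 31 characters."""
    n, out = int(hex_digest, 16), ""
    while n:
        n, r = divmod(n, 36)
        out = B36[r] + out
    return out.rjust(width, "0")


def sha1_base36(data: bytes) -> str:
    """Base-36 SHA-1 key for raw content, e.g. to compare with img_sha1."""
    return hex_to_base36(hashlib.sha1(data).hexdigest())


def edit_md5(text: str = "", prependtext: str = "", appendtext: str = "") -> str:
    """md5= value for action=edit. Assumption: computed over the UTF-8 bytes of
    text, or of prependtext + appendtext when text is not sent. This detects
    corruption in transit only; it does not authenticate the edit."""
    payload = text if text else prependtext + appendtext
    return hashlib.md5(payload.encode("utf-8")).hexdigest()


def confirmed_duplicates(upload: bytes, files: dict, key_fn=sha1_base36) -> list:
    """Shortlist by the SHA-1 key, then confirm with SHA-256, so a SHA-1
    collision cannot make two different files look identical."""
    key, strong = key_fn(upload), hashlib.sha256(upload).digest()
    shortlist = [name for name, blob in files.items() if key_fn(blob) == key]
    return [n for n in shortlist if hashlib.sha256(files[n]).digest() == strong]


# Constructed sample content, not taken from any wiki.
FILES = {
    "A.png": b"constructed-image-bytes",
    "B.png": b"other-bytes",
    "Copy_of_A.png": b"constructed-image-bytes",
}

if __name__ == "__main__":
    print(sha1_base36(FILES["A.png"]))
    print(edit_md5("Hello, wiki"))
    print(confirmed_duplicates(FILES["A.png"], FILES))
```

Passing a deliberately weak key_fn (for instance one that returns a constant) simulates a collision in the shortlist step and shows that the SHA-256 confirmation still separates different files.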