@Trezoid
Created September 21, 2011 09:20
Gaia suggestion
Alright. This is a multi-part proposal but relatively linked.
First, and most critically: [size=24][b]Stop storing passwords in un-salted MD5.[/b][/size]
There are hundreds of reasons why MD5 (even salted) is a terrible idea, but Gaia isn't even salting passwords for storage.
The current method used for password storage and checking stores passwords as (hopefully) an MD5 hash, and then adds a salt at the time the hash is used, so that they can say they salt passwords.
This is trivial to break, and it is Doing It Wrong[size=7](tm)[/size].
As an absolute [b]MINIMUM[/b], something that isn't fundamentally wrong for password storage should be used. BCrypt would be ideal, and is available from PHP, making it very easy to transfer. Sure, you'd have to transition over a period of time (as a person logs in, their password is first checked against the existing hash, and then hashed with bcrypt and stored instead of the MD5 hash).
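The transition described above, as an added example (not Gaia's code): on each login the supplied password is checked against whichever hash the account currently has, and an account still on unsalted MD5 is silently upgraded to bcrypt. The `users` table columns, the `hash_scheme` marker and the PDO wiring are assumptions for illustration.

```php
<?php
// Added example, not from the original post: transparent MD5 -> bcrypt migration at login.
// Assumed schema: users(id, username, password_hash, hash_scheme) with hash_scheme
// being 'md5' (legacy, unsalted) or 'bcrypt'.

const BCRYPT_OPTIONS = ['cost' => 12];

function verify_and_upgrade(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT id, password_hash, hash_scheme FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false; // unknown account
    }

    if ($row['hash_scheme'] === 'md5') {
        // Legacy path: stored value is plain md5(password) with no salt.
        // hash_equals() keeps the comparison constant-time.
        if (!hash_equals($row['password_hash'], md5($password))) {
            return false;
        }
        // The user just proved the password, so we have the plaintext in hand:
        // replace the MD5 with a bcrypt hash (random salt is generated internally).
        store_new_hash($db, (int) $row['id'], password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS));
        return true;
    }

    // bcrypt path: password_verify() reads the salt and cost from the stored hash.
    if (!password_verify($password, $row['password_hash'])) {
        return false;
    }
    // If the cost factor was raised since this hash was written, upgrade it too.
    if (password_needs_rehash($row['password_hash'], PASSWORD_BCRYPT, BCRYPT_OPTIONS)) {
        store_new_hash($db, (int) $row['id'], password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS));
    }
    return true;
}

function store_new_hash(PDO $db, int $userId, string $hash): void
{
    $upd = $db->prepare("UPDATE users SET password_hash = ?, hash_scheme = 'bcrypt' WHERE id = ?");
    $upd->execute([$hash, $userId]);
}
```

Once every active account has logged in once, the remaining `md5` rows are dormant accounts that can be forced through a password reset rather than left with crackable hashes.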
The second thing that needs to be done [b]Immediately[/b] is[size=24] [b]secure login.[/b][/size]
The current login page sends the password to the back end completely un-encrypted, in plain text.
As things like Firesheep have shown, intercepting unencrypted cookies is [i]very[/i] easy. Again, this is Doing It Wrong.
For a while Gaia actually supported SSL login (using the HTTPS login) but they've since stopped supporting it or even sending responses to a client using a secure connection.
Most other major websites now [i]force[/i] people to use HTTPS for login, and often offer it for all browsing, but Gaia doesn't even [i]allow[/i] people to use HTTPS.
This makes accounts [i]extremely[/i] vulnerable and needs to be fixed.