Manual:Hashing
Certain fields, parameters and variables are hashed in MediaWiki. Some of them use cryptographically broken functions such as MD5 and SHA-1. However, only one, user_password, has important security implications, and that field's security is enhanced by means of a password salt.
For the negative security implications of SHA-1, see task T158986, where we track the migration to other hash functions, if needed.
Database fields
Table | Field | Purpose |
---|---|---|
archive | ar_sha1 | copy of revision.rev_sha1 |
bot_passwords | bp_password | for comparison of passwords (not md5/sha1 by default) |
filearchive | fa_storage_key | addressing / unique index - danger of collisions |
filearchive | fa_sha1 | copy of oldimage.oi_sha1 |
image | img_sha1 | advisory lookup of duplicate files - danger of collisions |
job | job_sha1 | |
oldimage | oi_sha1 | copy of image.img_sha1 |
revision | rev_sha1 | advisory for tools to discover duplicate content - some danger of collisions, but less likely in practice |
uploadstash | us_sha1 | seems unused, probably exists because all the other image-related tables have it |
user | user_password | for comparison of passwords (not md5/sha1 by default) |
API Parameters
Location | Parameter | Purpose |
---|---|---|
action=edit | md5= | Hash of the new text by the client to verify the text is not corrupted when the server receives it. |
prop=deletedrevisions | drvprop=sha1 | Request the return of the revision's sha1 hash (ar_sha1, I believe) |
prop=imageinfo | iiprop=sha1 | Request the return of the file's sha1 hash (img_sha1, oi_sha1, or fa_sha1, I believe) |
prop=revisions | rvprop=sha1 | Request the return of the revision's sha1 hash (rev_sha1) |
prop=stashimageinfo | siiprop=sha1 | Request the return of the stashed file's sha1 hash |
list=alldeletedrevisions | adrprop=sha1 | Request the return of each revision's sha1 hash (ar_sha1, I believe) |
list=allimages | aiprop=sha1 | Request the return of the file's sha1 hash (img_sha1, oi_sha1, or fa_sha1, I believe) |
list=allimages | aisha1= | Query against database field img_sha1 |
list=allimages | aisha1base36= | Query against database field img_sha1 |
list=allrevisions | arvprop=sha1 | Request the return of each revision's sha1 hash (rev_sha1, I believe) |
prop=revisions | drprop=sha1 | Request the return of database field rev_sha1 |
list=filearchive | fasha1= | Query against database field fa_sha1 |
list=filearchive | fasha1base36= | Query against database field fa_sha1 |
list=filearchive | faprop=sha1 | Request the return of the file's sha1 hash (fa_sha1, I believe) |
list=recentchanges | rcprop=sha1 | Request the return of each revision's sha1 hash (rev_sha1, I believe) |
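
The aisha1= / aisha1base36= and fasha1= / fasha1base36= pairs query the same stored value in two encodings, and md5= on action=edit is an integrity check computed by the client. The following Python sketch is an added example, not MediaWiki code; it assumes the stored SHA-1 is the digest written in base 36 and zero-padded to 31 characters, and that md5= covers the UTF-8 bytes of the text parameter alone. The function names are hypothetical.

```python
import hashlib

B36 = "0123456789abcdefghijklmnopqrstuvwxyz"
B36_LEN = 31  # assumption: stored SHA-1 values are zero-padded to 31 base-36 digits

def sha1_hex_to_base36(sha1_hex: str) -> str:
    """Hex SHA-1 (aisha1= / fasha1= form) -> base-36 (aisha1base36= / fasha1base36= form)."""
    s = sha1_hex.strip().lower()
    if len(s) != 40 or any(c not in "0123456789abcdef" for c in s):
        raise ValueError("expected 40 hex characters")
    n, out = int(s, 16), []
    while n:
        n, r = divmod(n, 36)
        out.append(B36[r])
    # Left-pad: leading zero digits are significant for an exact-match lookup.
    return "".join(reversed(out)).rjust(B36_LEN, "0")

def sha1_base36_to_hex(b36: str) -> str:
    """Inverse conversion, rejecting strings that cannot be a 160-bit digest."""
    s = b36.strip().lower()
    if len(s) != B36_LEN or any(c not in B36 for c in s):
        raise ValueError("expected 31 base-36 characters")
    n = int(s, 36)
    if n >> 160:
        raise ValueError("value does not fit in 160 bits")
    return format(n, "040x")

def edit_md5(text: str) -> str:
    """Value for md5= on action=edit: hex MD5 of the UTF-8 bytes of the new text.
    It detects corruption in transit only; MD5 gives no protection against tampering."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def describe(data: bytes) -> dict:
    """Both encodings of a file's SHA-1, as a client would send them in a query."""
    hex_digest = hashlib.sha1(data).hexdigest()
    return {"sha1": hex_digest, "sha1base36": sha1_hex_to_base36(hex_digest)}

if __name__ == "__main__":
    sample = "constructed sample wikitext"  # constructed input, not real page content
    print(describe(sample.encode("utf-8")))
    print(edit_md5(sample))
```

Because the fields marked "danger of collisions" above are matched on SHA-1 alone, a hit on either encoding shows only that the digests are equal, not that the files are identical.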