Jump to content

Password encryption


Recommended Posts

Guest nameless1

Hy 2 all,

 

I have some questions about password security that I haven't been able to find an answer yet.  :confused: 

Hopefully you guys know.

 

Here it goes:

 

1. Is it better to hash(sha2) the password and then salt it or salt it and than hash it ?

2. I'm guessing that using a random salt is better than the same salt used for every password.

3. How can you generate a different random salt for each password ? I mean how will the login page know which random salt to mix with the hashed user inserted password and then to compare it with the password stored in the db. (an example would be great(for both: generating and authentication)

4. I saw some codes in which the salt and/or hash and/or password was split into two (ex: hash.salt1a.password.salt1b  or  password1a.salt.password1b  or  salt.hash1a.password.hash1b  etc.) Is this a good idea ? Is it really more secure ? If so which would be more secure (splitting the password, the hash or the salt) ?

5. Is double hashing (ex: (sha1(md5($password))) any good ?

6. I've been reading something about password salt and pepper ?? What exactly is pepper ? Is it some sort of second salt ?

 

If somebody could enlighten me about these questions, that would be great.

 

Thanks in advance!

Link to comment
https://forums.phpfreaks.com/topic/261830-password-encryption/
Share on other sites

1. You should always salt pre-hash. SHA2 isn't great for passwords though, it's built for speed. http://php.net/manual/en/faq.passwords.php

2. A static salt is relatively pointless. The salt should be unique, and ideally random. It's not necessary to be cryptographically secure though.

3. You store the salt along with the final hash, and extract it when you're ready to compare. A salt doesn't need to be secret.

4. It doesn't matter. That's mostly fluff, and won't complicate the brute-force process much. Again, the salt isn't private information, you could even store it in it's own column, though I prefer simply appending it to the hash.

5. No, it actually increases the changes of a collision. If you feel you need to do something like that, instead use sha1(md5($password).$password). It's hard to explain why without getting deep into how hash algos work. There's plenty of info out there if you want to dive deeper.

6. From what I understand, pepper is a long, constant string you append to all passwords to add complexity. It's in addition to the salt. In the grand scheme of things, it doesn't add much, but it doesn't make it any less secure either. I always assume an attacker knows the process in which my passwords have been hashed, as a worst case in which a pepper wouldn't help.

 

Hope this helps. The article in my signature explains a lot about PHP and password storage, and offers a class I'd highly recommend - PHPass.

 

Let me know if I can help with more

Link to comment
https://forums.phpfreaks.com/topic/261830-password-encryption/#findComment-1341654
Share on other sites

This is a good link that someone on here pointed me to last year.

 

http://pbeblog.wordpress.com/2008/02/12/secure-hashes-in-php-using-salt/

 

Also I read last week that sha1 in the sql statement gives a greater range of hashes than in the php.

Link to comment
https://forums.phpfreaks.com/topic/261830-password-encryption/#findComment-1341669
Share on other sites

Guest nameless1

Thanks for the helpful info guys  :D

 

I've been searching and reading for the last 2 days about PHP password Cryptographic hashing.

 

The most common and secure functions I came across were sha256/512 , bcrypt , HMAC , PBKDF2(Password-Based Key Derivation Function) and PHPass.

 

From what I've been reading speed is an enemy (http://codahale.com/how-to-safely-store-a-password/)

So I've been looking for the "slowest" secure hashing algorithm which I found is bcrypt and PHPass (http://www.openwall.com/phpass/).

 

Now I can't make up my mind which one to use.  :confused:

What do you guys think? Which one should I go with and why?

 

Just to make sure: bcrypt = crypt_blowfish right ?

 

Thanks in advance!

Link to comment
https://forums.phpfreaks.com/topic/261830-password-encryption/#findComment-1342271
Share on other sites

bcrypt is based on Blowfish.

 

PHP's crypt() implementation of Blowfish is actually bcrypt. PHPass uses this implementation, if available, and takes care of salting for you.

 

PHP's mcrypt(), however, uses the actual Blowfish cipher and is not meant for one-way hashing.

 

Blowfish is an encryption algo, designed to be two-way. bcrypt modifies this behaviour, causing it to be one-way. Here's more reading if you'd like, but it's not exactly for the novice user: http://static.usenix.org/events/usenix99/provos/provos_html/node4.html

 

SHA256 and SHA512 are both too fast to be ideal password hashing algos. This is where PBKDF2 comes in. It's a standardized 'framework' for stretching fast algorithms like MD5 or SHA, in the event that stronger algorithms aren't available.

 

HMAC, which is generally used for each iteration in PBKDF2, is a standard way of combining a salt and a string. It's pretty much doing

hashAlgo( $saltPart1 . hashAlgo( $saltPart2 . $pass ) );

Only with some XORs and splitting that we don't need to get in to. From what I understand, this helps avoid collision-based attacks that 'broken' algorithms suffer from, and not to help prevent brute-force attacks.

 

Again I suggest PHPass, because all the hard work is done for you. You can implement the class with ease, and know that it's an ideal, peer-reviewed solution that has the capability of properly implementing the strongest native methods PHP offers to protect password.

 

Let me know if you have further questions. You've done a lot of research, I can tell :D Most of this post is very simplified, and there are more subtleties beyond the scope of this forum that are easily researchable, if you so desire. I can provide links, but most of them involve pseudo-code or math similar to the link above.

 

As usual, I'd love if someone corrected any mistakes I might have made. I wouldn't consider myself an expert in the field, just a hobbyist.

Link to comment
https://forums.phpfreaks.com/topic/261830-password-encryption/#findComment-1342374
Share on other sites

Guest nameless1

Thanks xyph:D

 

If you could give me more links, that would be great. I don't understand them completely but I get big picture.

 

I've been reading a little about Eksblowfish and now I don't know which one is better, PHPass or Eksblowfish ?

 

I didn't find too much info about Eksblowfish tough.

For example how to implement it in a login system. Is the implementation similar to PHPass ? Is Eksblowfish built in php (like crypt_blowfish) ?

 

 

Link to comment
https://forums.phpfreaks.com/topic/261830-password-encryption/#findComment-1342727
Share on other sites

I'm referring to the title, I think what you want is called hashing and not encryption?

 

Also, I see xyph have filled you in with a lot of his knowledge, but I think one very simple and probably very obvious thing is missing, password complexity.

 

You may say it's the users fault for not using a more complex password, but you should really force that on them as well.

 

Maybe what I'm mentioning is a bit "given", idk.

Link to comment
https://forums.phpfreaks.com/topic/261830-password-encryption/#findComment-1342732
Share on other sites

PHPass implements Eksblowfish, if available on the server. It's just a wrapper that makes using it easy.

 

Eksblowfish IS bcrypt, just a more accurate name.

CRYPT_BLOWFISH in PHP is actually bcrypt, it's just badly named ;)

 

More reading:

 

http://stackoverflow.com/questions/4795385/how-do-you-use-bcrypt-for-hashing-passwords-in-php

 

http://en.wikipedia.org/wiki/Bcrypt

http://en.wikipedia.org/wiki/Hmac

http://en.wikipedia.org/wiki/Pbkdf2

 

The external links and reference links in those articles will give you hours and hours of reading.

 

I'm referring to the title, I think what you want is called hashing and not encryption?

 

Also, I see xyph have filled you in with a lot of his knowledge, but I think one very simple and probably very obvious thing is missing, password complexity.

 

You may say it's the users fault for not using a more complex password, but you should really force that on them as well.

 

Maybe what I'm mentioning is a bit "given", idk.

 

Agree completely, but it's hard to protect users from stupid passwords. Even if you require letters in both cases, number, and minimum length of 8, it's a lot of work to detect "1Aaaaaaa." I agree though, forcing a user to use a password of at least 8 characters is a great idea. Forcing them to use at least 1 symbol, 1 number, 1 lower case, 1 uppercase is probably a good idea as well, but starts interfering with UX. Regardless, no matter how "good" the password is it will always fail to a successful phishing attack - probably the most common way a user's password is stolen.

 

Openwall offers a really good password policy enforcement application, but it has to be run through the command line, rather than within PHP itself. http://www.openwall.com/passwdqc/

Link to comment
https://forums.phpfreaks.com/topic/261830-password-encryption/#findComment-1342735
Share on other sites

Guest nameless1

Well then if PHPass implements Eksblowfish/bcrypt/crypt_blowfish (when available), then I should definitely go with PHPass . In my opinion it is the most secure.

 

Now, phpass implements Eksblowfish where it's available. Does PHP 5.3 have Eksblowfish built in or do I need a newer PHP version ?

 

 

Link to comment
https://forums.phpfreaks.com/topic/261830-password-encryption/#findComment-1343022
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.