
Password encryption


Guest nameless1

Hi to all,

 

I have some questions about password security that I haven't been able to find an answer to yet.  :confused:

Hopefully you guys know.

 

Here it goes:

 

1. Is it better to hash (sha2) the password and then salt it, or salt it and then hash it?

2. I'm guessing that using a random salt is better than the same salt used for every password.

3. How can you generate a different random salt for each password? I mean, how will the login page know which random salt to mix with the hashed user-inserted password and then compare it with the password stored in the db? (An example would be great, for both generating and authentication.)

4. I saw some codes in which the salt and/or hash and/or password was split into two (ex: hash.salt1a.password.salt1b  or  password1a.salt.password1b  or  salt.hash1a.password.hash1b  etc.) Is this a good idea ? Is it really more secure ? If so which would be more secure (splitting the password, the hash or the salt) ?

5. Is double hashing (ex: (sha1(md5($password))) any good ?

6. I've been reading something about password salt and pepper ?? What exactly is pepper ? Is it some sort of second salt ?

 

If somebody could enlighten me about these questions, that would be great.

 

Thanks in advance!

Link to comment
Share on other sites

1. You should always salt pre-hash. SHA2 isn't great for passwords though, it's built for speed. http://php.net/manual/en/faq.passwords.php

2. A static salt is relatively pointless. The salt should be unique, and ideally random. It's not necessary to be cryptographically secure though.

3. You store the salt along with the final hash, and extract it when you're ready to compare. A salt doesn't need to be secret.

4. It doesn't matter. That's mostly fluff, and won't complicate the brute-force process much. Again, the salt isn't private information, you could even store it in its own column, though I prefer simply appending it to the hash.

5. No, it actually increases the chances of a collision. If you feel you need to do something like that, instead use sha1(md5($password).$password). It's hard to explain why without getting deep into how hash algos work. There's plenty of info out there if you want to dive deeper.

6. From what I understand, pepper is a long, constant string you append to all passwords to add complexity. It's in addition to the salt. In the grand scheme of things, it doesn't add much, but it doesn't make it any less secure either. I always assume an attacker knows the process in which my passwords have been hashed, as a worst case in which a pepper wouldn't help.

 

Hope this helps. The article in my signature explains a lot about PHP and password storage, and offers a class I'd highly recommend - PHPass.

 

Let me know if I can help with more

Link to comment
Share on other sites
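The generate-and-authenticate flow asked for in question 3, as an added example that is not part of the original thread: it uses PHP's crypt() with the bcrypt prefix `$2y$`, which writes the salt into the stored string so the login code can read it back. It assumes PHP 7+ (for random_bytes()); the function names and sample passwords are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7+.

// Build a 22-character bcrypt salt from 16 random bytes.
function make_bcrypt_salt(): string {
    $b64 = rtrim(base64_encode(random_bytes(16)), '=');
    return strtr($b64, '+', '.');   // bcrypt's alphabet is ./A-Za-z0-9
}

// Registration: returns ONE string (prefix, cost, salt, hash) to store.
function hash_password(string $password, int $cost = 10): string {
    $setting = sprintf('$2y$%02d$%s', $cost, make_bcrypt_salt());
    $stored  = crypt($password, $setting);
    if (strlen($stored) !== 60) {   // crypt() returns a short "*0" on failure
        throw new RuntimeException('bcrypt is not available');
    }
    return $stored;
}

// Login: crypt() reads the cost and salt out of the stored string itself,
// so no separate salt lookup is needed. hash_equals() compares in
// constant time.
function verify_password(string $password, string $stored): bool {
    return hash_equals($stored, crypt($password, $stored));
}

// Split the stored value to show that the salt sits in it in the clear.
function describe(string $stored): array {
    return [
        'cost' => (int) substr($stored, 4, 2),
        'salt' => substr($stored, 7, 22),
        'hash' => substr($stored, 29),
    ];
}

// Constructed sample passwords.
$a = hash_password('correct horse');
$b = hash_password('correct horse');

var_dump($a !== $b);                              // same password, different salts
var_dump(verify_password('correct horse', $a));   // right password
var_dump(verify_password('wrong guess', $a));     // wrong password
print_r(describe($a));
```

On PHP 5.5 and later, password_hash() and password_verify() wrap this same scheme and generate the salt themselves.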

Guest nameless1

Thanks for the helpful info guys  :D

 

I've been searching and reading for the last 2 days about PHP password Cryptographic hashing.

 

The most common and secure functions I came across were sha256/512 , bcrypt , HMAC , PBKDF2(Password-Based Key Derivation Function) and PHPass.

 

From what I've been reading speed is an enemy (http://codahale.com/how-to-safely-store-a-password/)

So I've been looking for the "slowest" secure hashing algorithm which I found is bcrypt and PHPass (http://www.openwall.com/phpass/).

 

Now I can't make up my mind which one to use.  :confused:

What do you guys think? Which one should I go with and why?

 

Just to make sure: bcrypt = crypt_blowfish right ?

 

Thanks in advance!

Link to comment
Share on other sites

bcrypt is based on Blowfish.

 

PHP's crypt() implementation of Blowfish is actually bcrypt. PHPass uses this implementation, if available, and takes care of salting for you.

 

PHP's mcrypt(), however, uses the actual Blowfish cipher and is not meant for one-way hashing.

 

Blowfish is an encryption algo, designed to be two-way. bcrypt modifies this behaviour, causing it to be one-way. Here's more reading if you'd like, but it's not exactly for the novice user: http://static.usenix.org/events/usenix99/provos/provos_html/node4.html

 

SHA256 and SHA512 are both too fast to be ideal password hashing algos. This is where PBKDF2 comes in. It's a standardized 'framework' for stretching fast algorithms like MD5 or SHA, in the event that stronger algorithms aren't available.

 

HMAC, which is generally used for each iteration in PBKDF2, is a standard way of combining a salt and a string. It's pretty much doing

hashAlgo( $saltPart1 . hashAlgo( $saltPart2 . $pass ) );

Only with some XORs and splitting that we don't need to get into. From what I understand, this helps avoid collision-based attacks that 'broken' algorithms suffer from, and not to help prevent brute-force attacks.

 

Again I suggest PHPass, because all the hard work is done for you. You can implement the class with ease, and know that it's an ideal, peer-reviewed solution that has the capability of properly implementing the strongest native methods PHP offers to protect passwords.

 

Let me know if you have further questions. You've done a lot of research, I can tell :D Most of this post is very simplified, and there are more subtleties beyond the scope of this forum that are easily researchable, if you so desire. I can provide links, but most of them involve pseudo-code or math similar to the link above.

 

As usual, I'd love if someone corrected any mistakes I might have made. I wouldn't consider myself an expert in the field, just a hobbyist.

Link to comment
Share on other sites
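The HMAC construction and its use inside PBKDF2 described above, written out as an added example that is not part of the original thread: it builds HMAC-SHA256 from two nested hashes with the XOR pads, chains it as PBKDF2 does, and checks both against PHP's hash_hmac() and hash_pbkdf2(). The function names and inputs are constructed; it assumes PHP 7+.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7+.

// HMAC-SHA256 from its definition: two nested hashes, each prefixed with
// the key XORed against a fixed pad (0x36 inner, 0x5c outer).
function hmac_sha256_manual(string $key, string $msg): string {
    $block = 64;                                   // SHA-256 block size in bytes
    if (strlen($key) > $block) {
        $key = hash('sha256', $key, true);         // long keys are hashed first
    }
    $key  = str_pad($key, $block, "\0");           // short keys are zero-padded
    $ipad = $key ^ str_repeat("\x36", $block);
    $opad = $key ^ str_repeat("\x5c", $block);
    return hash('sha256', $opad . hash('sha256', $ipad . $msg, true), true);
}

// First 32-byte output block of PBKDF2-HMAC-SHA256. The password is the
// HMAC key; the salt plus a 4-byte block counter is the first message.
// Every further iteration feeds the previous output back in, and all
// outputs are XORed together. The iteration count is the work factor.
function pbkdf2_block1(string $password, string $salt, int $iterations): string {
    $u = hmac_sha256_manual($password, $salt . pack('N', 1));
    $t = $u;
    for ($i = 1; $i < $iterations; $i++) {
        $u = hmac_sha256_manual($password, $u);
        $t ^= $u;
    }
    return $t;
}

// Constructed sample inputs.
$password   = 'example-password';
$salt       = 'constructed-salt';
$iterations = 1000;

// Both comparisons should report bool(true).
var_dump(hash_equals(
    hash_hmac('sha256', $salt, $password, true),
    hmac_sha256_manual($password, $salt)
));
var_dump(hash_equals(
    hash_pbkdf2('sha256', $password, $salt, $iterations, 32, true),
    pbkdf2_block1($password, $salt, $iterations)
));
```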

Guest nameless1

Thanks xyph :D

 

If you could give me more links, that would be great. I don't understand them completely but I get the big picture.

 

I've been reading a little about Eksblowfish and now I don't know which one is better, PHPass or Eksblowfish ?

 

I didn't find too much info about Eksblowfish though.

For example how to implement it in a login system. Is the implementation similar to PHPass ? Is Eksblowfish built in php (like crypt_blowfish) ?

 

 

Link to comment
Share on other sites

I'm referring to the title, I think what you want is called hashing and not encryption?

 

Also, I see xyph has filled you in with a lot of his knowledge, but I think one very simple and probably very obvious thing is missing: password complexity.

 

You may say it's the user's fault for not using a more complex password, but you should really force that on them as well.

 

Maybe what I'm mentioning is a bit "given", idk.

Link to comment
Share on other sites

PHPass implements Eksblowfish, if available on the server. It's just a wrapper that makes using it easy.

 

Eksblowfish IS bcrypt, just a more accurate name.

CRYPT_BLOWFISH in PHP is actually bcrypt, it's just badly named ;)

 

More reading:

 

http://stackoverflow.com/questions/4795385/how-do-you-use-bcrypt-for-hashing-passwords-in-php

 

http://en.wikipedia.org/wiki/Bcrypt

http://en.wikipedia.org/wiki/Hmac

http://en.wikipedia.org/wiki/Pbkdf2

 

The external links and reference links in those articles will give you hours and hours of reading.

 

I'm referring to the title, I think what you want is called hashing and not encryption?

 

Also, I see xyph has filled you in with a lot of his knowledge, but I think one very simple and probably very obvious thing is missing: password complexity.

 

You may say it's the user's fault for not using a more complex password, but you should really force that on them as well.

 

Maybe what I'm mentioning is a bit "given", idk.

 

Agree completely, but it's hard to protect users from stupid passwords. Even if you require letters in both cases, number, and minimum length of 8, it's a lot of work to detect "1Aaaaaaa." I agree though, forcing a user to use a password of at least 8 characters is a great idea. Forcing them to use at least 1 symbol, 1 number, 1 lower case, 1 uppercase is probably a good idea as well, but starts interfering with UX. Regardless, no matter how "good" the password is it will always fail to a successful phishing attack - probably the most common way a user's password is stolen.

 

Openwall offers a really good password policy enforcement application, but it has to be run through the command line, rather than within PHP itself. http://www.openwall.com/passwdqc/

Link to comment
Share on other sites

Guest nameless1

Well then if PHPass implements Eksblowfish/bcrypt/crypt_blowfish (when available), then I should definitely go with PHPass . In my opinion it is the most secure.

 

Now, phpass implements Eksblowfish where it's available. Does PHP 5.3 have Eksblowfish built in or do I need a newer PHP version ?

 

 

Link to comment
Share on other sites
