password hashing

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
nameless.1
Forum Newbie
Posts: 1
Joined: Wed May 02, 2012 7:39 am

password hashing

Post by nameless.1 »

I've been searching and reading for the last 2 days about PHP password Cryptographic hashing.

The most common and secure functions I came across were sha256/512 , bcrypt , HMAC , PBKDF2(Password-Based Key Derivation Function) and PHPass.

From what I've been reading speed is an enemy (http://codahale.com/how-to-safely-store-a-password/)
So I've been looking for the "slowest" secure hashing algorithm which I found is bcrypt and PHPass (http://www.openwall.com/phpass/).

Now I can't make up my mind which one to use. :?:
What do you guys think? Which one should I go with and why?

Just to make sure:
1. bcrypt = crypt_blowfish right ?
2. bcrypt and PHPass are both hash + salt functions ? I mean I don't have to add salt, they already have the salt function built-in.

Thanks in advance!
User avatar
Celauran
Moderator
Posts: 6425
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: password hashing

Post by Celauran »

PHPass implements Blowfish when it's available, so it's the better choice. If Blowfish isn't available, it will make use of what is available whereas implementing crypt() directly would fail if Blowfish weren't available.
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Re: password hashing

Post by pickle »

I don't know if there's any reason to use a 3rd party library when decent hashing is built-in.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
User avatar
Celauran
Moderator
Posts: 6425
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: password hashing

Post by Celauran »

There is decent hashing built in, but what's available will depend on each server's configuration. You want to use blowfish when it's available, but you need a contingency for when it's not. You could certainly create your own library to handle this, but I'd sooner use something tried and tested. Surely a library developed and maintained by many people and subject to peer review will be better than anything I could manage alone. Plus, it saves me from having to waste time writing boiler plate code and allows me to get right to work on the project at hand.
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Re: password hashing

Post by pickle »

Good point, if you're running 5.3-. From 5.3 on, PHP provides it's own implementation of the algorithms if the system doesn't provide them.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
User avatar
Celauran
Moderator
Posts: 6425
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: password hashing

Post by Celauran »

pickle wrote:From 5.3 on, PHP provides it's own implementation of the algorithms if the system doesn't provide them.
I was not aware of this. Good to know.
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Re: password hashing

Post by pickle »

I didn't until this morning either.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
cpellens
Forum Newbie
Posts: 1
Joined: Fri May 04, 2012 10:35 pm

Re: password hashing

Post by cpellens »

Any hash that uses a salt should be pretty sure. Even md5 should do just fine.
User avatar
Celauran
Moderator
Posts: 6425
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: password hashing

Post by Celauran »

cpellens wrote:Any hash that uses a salt should be pretty sure. Even md5 should do just fine.
Read the article the OP linked. md5 is worthless.
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: password hashing

Post by Mordred »

With a deliberately slow hashing scheme, you can hit a performance problem if you hash on the server side; someone could DoS your auth server with a low volume of requests. Moving hashing to the client is not trivial though: if you simply send the hashed password, you turn your auth system into a plaintext one.

An additional mitigation tactic that would help against bruteforcing attacks is to use a site-wide "pepper" hardcoded in the source. A successful attack would then require access not only to the database, but to your source as well. The article in my sig discusses this in more detail.

Also, while MD5 is "too fast", you can still use it on legacy systems (and poorly featured browser hashing libraries) with appropriate [url=http://en.wikipedia.org/wiki/Key_stretching]key stretching[/key]. That said, using a modern hash like SHA256 is better.
Post Reply