SitePoint Sponsor

User Tag List

Results 1 to 23 of 23
  1. #1
    From space with love silver trophy
    SpacePhoenix's Avatar
    Join Date
    May 2007
    Location
    Poole, UK
    Posts
    4,904
    Mentioned
    93 Post(s)
    Tagged
    0 Thread(s)

    What's Your Prefered Hashing Method

    After getting the hang of the crypt() function it got me wondering what other hashing functions there were so I had a look and dug up two:

    • hash()
    • mcrypt()


    I put together this to see what sort of hash they would give out using password as the password (I would hope that no-one would ever use that as a password for a real site):

    PHP Code:
    <?php

    /*
    Hashing Functions Testing
    */

    $password 'password';
    $salt=str_shuffle('AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz012345678987654321');

    // hash (Using sha512)
    echo '<p>hash() using sha512</p>';
    $password1 hash_function($password,$salt);
    echo 
    "<p>Password: $password1</p>";

    // mcrypt (Using rijndael-256)
    echo '<p>mcrypt using rijndael-256</p>';
    $password1 mcrypt_function($password,$salt);
    echo 
    "<p>Password: $password1</p>";

    // crypt (Using sha512)
    echo '<p>crypt using sha512</p>';
    $password1 crypt_function($password,$salt);
    echo 
    "<p>Password: $password1</p>";

    function 
    hash_function($password,$salt) {
        
    $count=0;
        while (
    $count 5000 ) {
            
    $count=$count+1;
            
    $password hash('sha512',"$password.$salt");
        }
        
    $final_password $password;
        return 
    $final_password;
    }

    function 
    crypt_function($password,$salt) {
        
    $salt=substr($salt,0,16);
        
    $crypt_salt='$6$rounds=5000$'.$salt.'$';
        
    $password=crypt($password,$crypt_salt);
        
    $final_password $password;
        return 
    $final_password;
    }

    function 
    mcrypt_function($password,$salt) {
        
    $salt=substr($salt,0,32);
        
    $td mcrypt_module_open('rijndael-256''''ecb''');
        
    $iv mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
        
    mcrypt_generic_init($td$salt$iv);
        
    $password mcrypt_generic($td$password);
        
    mcrypt_generic_deinit($td);
        
    mcrypt_module_close($td);
        
    $final_password $password;
        return 
    $final_password;
    }
    ?>
    Output:

    hash() using sha512
    Password: 2730720b94c219014ed3e45e0d675d3ab86a7a4aad3a2f654e205af1ca5ea0f7c416b735a65e0d5b186ebadaf2ef06bf68f707a1efd24ea394eea74f8a92c34b
    mcrypt using rijndael-256

    Password: m vȂޕ/h$Hy"~

    crypt using sha512
    Password: $6$rounds=5000$K5NFMuw1koxQmA7G$8WuiGFmH7AxI5BmULbAhplz4nxMcz.1eHf6WfQKW4RfLDM2dO8VMOGCkaI1h97HIoYwvOvBYPRJfshHcaO479/
    At the moment I'm leaning towards using mcrypt with rijndael-256, reading up on rijndael-256 it appears that realistically it's uncrackable (well it looks like any hacker would need some ridiculously expensive and powerful hardware). Also the has string is shorter so won't take up so much disk space (assuming a site ever gets more then 1,000 members).

    What is you're preferred function (and algorithm) and why?
    Community Team Advisor
    Forum Guidelines: Posting FAQ Signatures FAQ Self Promotion FAQ
    Help the Mods: What's Fluff? Report Fluff/Spam to a Moderator

  2. #2
    SitePoint Addict bronze trophy
    Join Date
    Apr 2013
    Location
    Ithaca
    Posts
    338
    Mentioned
    6 Post(s)
    Tagged
    1 Thread(s)
    spl_object_hash()?

  3. #3
    SitePoint Wizard bronze trophy Jeff Mott's Avatar
    Join Date
    Jul 2009
    Posts
    1,148
    Mentioned
    14 Post(s)
    Tagged
    0 Thread(s)
    Some quick comments:

    $salt=str_shuffle('AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz012345678987654321');
    This doesn't allow characters to repeat. So, for example, "A" can appear once and only once. That behavior reduces its randomness.

    $password = hash('sha512',"$password.$salt");
    There's what's called a length extension attack. Since the salt will be a known value, an attacker could "rewind" the hash function to its state before the salt was applied. That's why established algorithms such as PBKDF2 will use HMAC to combine the salt with the password.

    $td = mcrypt_module_open('rijndael-256', '', 'ecb', '');
    $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
    mcrypt_generic_init($td, $salt, $iv);
    $password = mcrypt_generic($td, $password);
    The problem here is that both the salt and the IV will be known values (otherwise you could never repeat the process, for example, to check if a user entered the correct password). And if both the salt and IV are known, then an attacker could -- rather simply -- decrypt the result and recover the password. The fatal flaw is that you used the salt to encrypt the password. You should have used the password to encrypt the salt. You're correct that AES/Rijndael is currently uncrackable, but how you use the algorithm is just as important as the algorithm itself. You need to be very, *very* careful. That's why it's best to use known-good algorithms (such as PBKDF2/bcrypt/scrypt) rather than to roll your own solution.

    Your best bet is to use the password hashing functions (new to PHP 5.5). This way, you won't have to specify an algorithm, a cost, or even a salt. It does it all for you, and it does it right. If you need to support versions of PHP earlier tha 5.5, then you can use this forward compatibility library.
    "First make it work. Then make it better."

  4. #4
    SitePoint Guru bronze trophy
    Join Date
    Dec 2003
    Location
    Poland
    Posts
    925
    Mentioned
    7 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Jeff Mott View Post
    Your best bet is to use the password hashing functions (new to PHP 5.5). This way, you won't have to specify an algorithm, a cost, or even a salt. It does it all for you, and it does it right. If you need to support versions of PHP earlier tha 5.5, then you can use this forward compatibility library.
    Are the new hashing passwords in PHP 5.5 basically identical (currently) to using crypt with blowfish, except easier to use?

  5. #5
    SitePoint Wizard bronze trophy Jeff Mott's Avatar
    Join Date
    Jul 2009
    Posts
    1,148
    Mentioned
    14 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Lemon Juice View Post
    Are the new hashing passwords in PHP 5.5 basically identical (currently) to using crypt with blowfish, except easier to use?
    Correct. Easier to use, plus it will deal with the salt for you, because even trying to make your own salt can introduce mistakes. Now you don't need to know or do anything except to invoke hash and verify.
    "First make it work. Then make it better."

  6. #6
    From space with love silver trophy
    SpacePhoenix's Avatar
    Join Date
    May 2007
    Location
    Poole, UK
    Posts
    4,904
    Mentioned
    93 Post(s)
    Tagged
    0 Thread(s)
    Just trying the forward compatibility library, it looks like it has one or more bugs in it. On a single run the password_hash function gives as the hash for the password 'password':

    $2y$10$I4MNxYpsAEPxt5S/fy0csOw258RYIDcOSI8yBAKeQM.B0R9ua38hG
    In the password_verify function, using var_dump to get the has it has generated I get:

    $2y$10$I4MNxYpsAEPxt5S/fy0csO60fFYiJx4N6K0hgWNK.emI4cm57l7W.
    so the password will always be rejected.

    PHP Code:
    <?php

    // Pasword Functions test

    require_once 'password.php';

    $password 'password';
    $hash password_hash('$password',PASSWORD_BCRYPT);
    echo 
    "The password hash for the password '$password' is $hash";

    $password_info password_get_info($hash);
    var_dump($password_info);

    $match password_verify($password$hash);
    var_dump($match); 
    ?>
    That's the test code, the output from all that is:

    The password hash for the password 'password' is $2y$10$I4MNxYpsAEPxt5S/fy0csOw258RYIDcOSI8yBAKeQM.B0R9ua38hGarray (size=3)
    'algo' => int 1
    'algoName' => string 'bcrypt' (length=6)
    'options' =>
    array (size=1)
    'cost' => int 10
    string '$2y$10$I4MNxYpsAEPxt5S/fy0csO60fFYiJx4N6K0hgWNK.emI4cm57l7W.' (length=60)
    boolean false
    I don't have any plans to upgrade to php 5.5 for the time being
    Community Team Advisor
    Forum Guidelines: Posting FAQ Signatures FAQ Self Promotion FAQ
    Help the Mods: What's Fluff? Report Fluff/Spam to a Moderator

  7. #7
    SitePoint Wizard bronze trophy Jeff Mott's Avatar
    Join Date
    Jul 2009
    Posts
    1,148
    Mentioned
    14 Post(s)
    Tagged
    0 Thread(s)
    You may slap yourself over this one.

    $hash = password_hash('$password',PASSWORD_BCRYPT);
    Should be...

    $hash = password_hash($password,PASSWORD_BCRYPT);
    "First make it work. Then make it better."

  8. #8
    om nom nom nom Stomme poes's Avatar
    Join Date
    Aug 2007
    Location
    Netherlands
    Posts
    10,233
    Mentioned
    47 Post(s)
    Tagged
    1 Thread(s)
    interesting and slightly on-topic: http://www.unlimitednovelty.com/2012...se-bcrypt.html

    what sucks about security is it must be performed by those who know little about it. Not all or even most car drivers can be mechanics, and most web sites are not built by sec guys and cypherpunks. Libraries built by these people for use by the rest of us === jawsome.

    We use Python so we use passlib.

  9. #9
    SitePoint Guru bronze trophy
    Join Date
    Dec 2003
    Location
    Poland
    Posts
    925
    Mentioned
    7 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Stomme poes View Post
    interesting and slightly on-topic: http://www.unlimitednovelty.com/2012...se-bcrypt.html

    what sucks about security is it must be performed by those who know little about it. Not all or even most car drivers can be mechanics, and most web sites are not built by sec guys and cypherpunks. Libraries built by these people for use by the rest of us === jawsome.
    Interesting article, however while the author clearly states "don't use bcrypt" his arguments for doing so sound weak to me. The only one seem to be that bcrypt has been less studied than PBKDF2, which is not clear to me either from reading this article since he doesn't back up this claim with any sources. The comment by perseids who disagrees with the author doesn't sound wrong, either.

    Having said that - I still don't know. You are right that most people don't know a lot about cryptography and so use the tools provided by available libraries. This is a very broad subject and would certainly require a LOT of time to study and we normal 'car drivers' don't have the time to do so. I have spent many, many hours reading about various password hashing methods and what I use is based on the opinion of experts I found most trustworthy - so I use bcrypt but how do I know if it's the best choice? I have no capability of checking this on my own. From time to time an article like this pops up somewhere, I think I have learned something new only to find out a counter argument by someone else and I'm back to square one.

    At least people are moving from using plain hashes, plain salted hashes and other self-invented algorithms to bcrypt - I think it's still much better than any of the former methods.

  10. #10
    om nom nom nom Stomme poes's Avatar
    Join Date
    Aug 2007
    Location
    Netherlands
    Posts
    10,233
    Mentioned
    47 Post(s)
    Tagged
    1 Thread(s)
    Interesting article, however while the author clearly states "don't use bcrypt" his arguments for doing so sound weak to me.
    It starts out with "don't use bcrypt" and then goes on to say "if you're using it already, fine"... because I think his point really wasn't any real issues with bcrypt itself, but with the mantra of "use bcrypt", and then tried to come up with some possible problems with bcrypt that certainly anyone simply told to use bcrypt or whatever wouldn't know about. Since they're somewhat theoretical, I wouldn't use this article as any actual reason NOT to use bcrypt.

    I suppose his real point is not to be too thoughtless with choosing something, or not to simply repeat to others "use x". <-- something I practically make my living doing :P

    I have no capability of checking this on my own.
    Yeah, this is our problem and I think libraries are for now the best answer for it. That said, since we are ultimately the ones responsible, we are probably required to do some homework when we can, at least so that if we hear "use bcrypt" we have some ideas why. Or, if we know where we could check if our libraries are indeed good enough, since we can't tell ourselves.

    At least people are moving from using plain hashes, plain salted hashes and other self-invented algorithms to bcrypt - I think it's still much better than any of the former methods.
    Agreed.

  11. #11
    SitePoint Guru
    Join Date
    Nov 2004
    Location
    England
    Posts
    695
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    I tried to have this conversation on here before and it degraded into *****iness. Personally I think that the average developer doesn't understand how these work or why one is better than another. What I do believe is that people who know a lot more about these things than most of us recommend bcrypt. I use bcrypt mostly because of this. I know quite a bit about the subject, but not enough to argue for or against bcrypt. I just go with the experts.

    One thing I do agree on though is that if it can be decrypted, it's unsuitable. Hash, don't encrypt

  12. #12
    SitePoint Member
    Join Date
    Oct 2013
    Posts
    10
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    md5() works fine with me.

  13. #13
    SitePoint Guru
    Join Date
    Nov 2004
    Location
    England
    Posts
    695
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Troll

  14. #14
    I solve practical problems. bronze trophy
    Michael Morris's Avatar
    Join Date
    Jan 2008
    Location
    Knoxville TN
    Posts
    2,011
    Mentioned
    56 Post(s)
    Tagged
    0 Thread(s)
    I don't get how overlapping crypts are supposed to be hackable, especially with random salt.. md5(md5($password).$salt) Without access to the algorythm, how do you unwork that? Aren't hashes supposed to be destructive, in that there is no way to retrieve the input data for certain once the algorythm runs?

    I've been using PHP 5.5's password methods because I know I'm no expert. Still, I used the algorythm above, which I first saw in vbulletin 3, for many years and never had a server compromised. What gives?

  15. #15
    SitePoint Guru
    Join Date
    Nov 2004
    Location
    England
    Posts
    695
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    The point is that with brute-forcing it still doesn't take long to calculate an md5() value, compared to, say, a bcrypt value. Plus collisions are more probable in md5()

  16. #16
    I solve practical problems. bronze trophy
    Michael Morris's Avatar
    Join Date
    Jan 2008
    Location
    Knoxville TN
    Posts
    2,011
    Mentioned
    56 Post(s)
    Tagged
    0 Thread(s)
    How do you brute force a 3 strikes system that blocks further tries for 15 minutes? And who doesn't use a striking system specifically to halt bruting?

  17. #17
    SitePoint Guru
    Join Date
    Nov 2004
    Location
    England
    Posts
    695
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    If I have your data, why would I be entering it into your application to work it out though? Presumably you store your random salts alongside the hash value, yes? Oh, and does your application specify a password policy? Such as 7 characters, contains one number, one symbol and at least one character of both upper and lower case? Makes it much simpler to know what is a genuine password and what's not pretty quickly. I have all of your passwords, remember, not just one. Makes it MUCH easier to work out your relatively simple algorithm, even without your source

  18. #18
    SitePoint Guru bronze trophy
    Join Date
    Dec 2003
    Location
    Poland
    Posts
    925
    Mentioned
    7 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Michael Morris View Post
    How do you brute force a 3 strikes system that blocks further tries for 15 minutes? And who doesn't use a striking system specifically to halt bruting?
    This is irrelevant here, the purpose of strong hashing techniques is not to stop brute forcing over the network through a system protected with a striking system. From this perspective you can store all passwords in plain text and it will be just as secure. The point is what an hacker can do once he gets hold of your database.

  19. #19
    om nom nom nom Stomme poes's Avatar
    Join Date
    Aug 2007
    Location
    Netherlands
    Posts
    10,233
    Mentioned
    47 Post(s)
    Tagged
    1 Thread(s)
    Wasn't md5 created more for checksumming rather than protection?

  20. #20
    SitePoint Wizard bronze trophy Jeff Mott's Avatar
    Join Date
    Jul 2009
    Posts
    1,148
    Mentioned
    14 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Lemon Juice View Post
    The point is what an hacker can do once he gets hold of your database.
    A recent-ish real-life example for everyone:

    http://www.telegraph.co.uk/technolog...ata-theft.html

    and

    http://www.bbc.co.uk/news/business-13636704
    "First make it work. Then make it better."

  21. #21
    I solve practical problems. bronze trophy
    Michael Morris's Avatar
    Join Date
    Jan 2008
    Location
    Knoxville TN
    Posts
    2,011
    Mentioned
    56 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Lemon Juice View Post
    The point is what an hacker can do once he gets hold of your database.
    I would hope that PHP isn't guarding the database, or hashing the passwords used to access the database.

    I mean, it really doesn't matter how tight the lock is on your jewelry box, if the house is unlocked the attacker can walk in, take the box, and crack it at leisure.

    (The only real point of home security safes is fire protection in my opinion, unless they are bolted down somehow or too large for two men to lift easily).

  22. #22
    SitePoint Guru bronze trophy
    Join Date
    Dec 2003
    Location
    Poland
    Posts
    925
    Mentioned
    7 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Stomme poes View Post
    Wasn't md5 created more for checksumming rather than protection?
    Certainly yes. But I'd say that md5 can be safe for password hashing provided you have a very strong and long password (unless a vulnerability in md5 was found that enables reverse engineering the original string from the hash). The problem is that most people's passwords can be brute forced by a dictionary attack and using a fast algorithm as md5 makes this task really easy. Once the password is strong then the hacker's only method is brute forcing all possible combinations, which gets really hard for strong passwords. But I wouldn't be surprised if even this became feasible soon considering the advances in processing power.

    Quote Originally Posted by Michael Morris View Post
    I would hope that PHP isn't guarding the database, or hashing the passwords used to access the database.

    I mean, it really doesn't matter how tight the lock is on your jewelry box, if the house is unlocked the attacker can walk in, take the box, and crack it at leisure.

    (The only real point of home security safes is fire protection in my opinion, unless they are bolted down somehow or too large for two men to lift easily).
    I don't really see your point, are you presenting some argument against what I said or is this an unrelated statement about security? Of course, you are right but I don't think a jewelry box is a good analogy because I'd imagine you can't really make a box that can't be broken by force with any existing equipment and once you get to the content you can sell it and become a rich man, in other words the burglar can do the real damage. Hashing password is more like keeping your mobile phones and laptops password protected on the hardware level. This will not prevent the thief from taking your equipment but he will not be able to do anything with it if he doesn't know the passwords or can brake the protections. And what's more, the protections are only for the passwords, other data is there for the taking. It's a bit disappointing that hashing passwords takes care of only such a small fraction of security. Did anyone think that hashing prevents against breaking the server?

  23. #23
    SitePoint Wizard bronze trophy Jeff Mott's Avatar
    Join Date
    Jul 2009
    Posts
    1,148
    Mentioned
    14 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Michael Morris View Post
    I would hope that PHP isn't guarding the database, or hashing the passwords used to access the database.
    It's hashing user passwords, so that this bit of user data can't be read even if the database is exposed.

    Quote Originally Posted by Michael Morris View Post
    I mean, it really doesn't matter how tight the lock is on your jewelry box, if the house is unlocked the attacker can walk in, take the box, and crack it at leisure.
    We use specially designed, time-consuming algorithms so that "at their leisure" still means decades or longer.
    "First make it work. Then make it better."


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •