Storing passwords in database

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
PhpMachine
Forum Commoner
Posts: 42
Joined: Thu Apr 19, 2007 11:26 am

Storing passwords in database

Post by PhpMachine »

Hi all

I've heard that the SHA-1 hash-algoritm is 50% "broken".
http://www.schneier.com/blog/archives/2 ... roken.html

What is the "best" way in creating passwords and store them in a database?

1. Password + salt (a random salt for each user, saved in clear-text):
sha1(pwd + random_salt)

2. Or something nested, like:
sha1(sha1(pdw) || md5(pwd+salt))

Is it more safe to combine the salt with another constant in the user-table?
For instance, an ID-column/registration_date?

And maybe it's time to replace sha1 with another hash-function?
For instance sha512 (64 characters)?

Thanks in advance
User avatar
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

Post by onion2k »

Personally, I use MySQL's AES_ENCRYPT() function. It's very secure, and it's encryption rather than hashing so you can send a user their actual password if they forget it rather than generating a new one for them.
User avatar
dibyendrah
Forum Contributor
Posts: 491
Joined: Wed Oct 19, 2005 5:14 am
Location: Nepal
Contact:

Post by dibyendrah »

Why don't you use password function of mysql ?

Code: Select all

password('pass')
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

You are never supposed to use the password function in MySQL. They even say that right in the documentation.

Double hashing isn't more secure, in fact it's less.

If you want something reversible, go with an actual encryption like onion2k suggested, or use a higher power hash such as the SHA256 library I've provided for a few years now.
PhpMachine
Forum Commoner
Posts: 42
Joined: Thu Apr 19, 2007 11:26 am

Post by PhpMachine »

Hi all

Is AES_ENCRYPT() really more safe?
If a person get access to the database and the PHP-code, then this person can decrypt the password easily.

If you have a strong SHA-512 hash of the password, then the user won't be able to see the actuall password, right?

Then, isn't SHA more safe than AES?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

AES and SHA have two different goals. The former is strong encryption. The latter is (strong) hashing. They do different things.

As I said, if you want it reversible, use AES or other encryptions. If you don't want it reversible, use a higher power hash than SHA1.
PhpMachine
Forum Commoner
Posts: 42
Joined: Thu Apr 19, 2007 11:26 am

Post by PhpMachine »

Exactly

But which which one of them is the most secure one?
A very strong hash is then more secure than the encrypt method, right?
Last edited by PhpMachine on Sun Jun 17, 2007 9:28 am, edited 2 times in total.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

There is no "best." There is only "what fits your needs," which have not been specified.
PhpMachine
Forum Commoner
Posts: 42
Joined: Thu Apr 19, 2007 11:26 am

Post by PhpMachine »

Hi Feyd.

Im developing a website to a friend of mine that runs an own company.
In this websajt, users can register and buy products etc.

Im using MySQL and PHP (they both run on the same server in a DMZ).

Now I want to secure the passwords in the user-table to a higher level.
Right now I use only sha1(password), which is not good.

That is why I started this thread.

Now I think Im going to use either hash("sha256") or the encryption method
onion2k suggested.

I think it will be sha256 (with a salt), because an encrypted password is easy to decrypt
if the hacker finds the enc/dec-key.

Thank you for your replies.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

You have two choices: be able to decrypt the password for the user, or not. Both methods have their merits. I can't make that decision for you.

If you're going to use sha256, I suggest you use the library I've built as it will use the hash() function if it's available, but if not, it will perform the hash itself.
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

2^69? That still is more than the expected complexity to find a collision in md5 ever was ;) (even if the effort for calculating one md5 hash was the same as for one sha-1 hash).
I'm not losing any sleep over having e.g. my forum or internet provider password stored as sha-1 ...yet. A brute-force over all ascii-8 passwords up to a length of 10, 12 or 14 characters is still far more efficient. It really depends on the level of security you need ... and for how long, e.g. is it important in 5 or 10 years?
And by the way, according to http://www.cryptography.com/cnews/hash.html the hmac versions are not affected.

And yes, a salt is a good idea. It is e.g. helpful against rainbow table attacks.
User avatar
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

Post by onion2k »

PhpMachine wrote:If a person get access to the database and the PHP-code, then this person can decrypt the password easily.
Once someone has access to the PHP code and the database then you have to consider that all the data is compromised regardless of what code you used to put them in there. If you've hashed the passwords using SHA256 for example, with a salt, then the attacker will know that (because they have the code), they'll know what salt you've used (because they have the code), and thus a basic brute force attack will break all the passwords in the database relatively quickly.

If the attacker manages to only steal the database and the not the code then AES and SHA are about as good as one another.

The only thing you really need to decide on is whether or want to generate new passwords or retrieve the existing password if a user forgets theirs. I prefer to retrieve their existing password. I find it's friendlier, and it makes users less likely to change their password to something obvious.
staar2
Forum Commoner
Posts: 83
Joined: Fri Apr 06, 2007 2:57 am

Post by staar2 »

you could use something like this
1.Define constant DEFINE('ADDWORD', 'MYUNICWORD');
2.then add in php md5(ADDWORD +time());
3.Make query to database. :roll:
User avatar
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Post by superdezign »

staar2 wrote:you could use something like this
1.Define constant DEFINE('ADDWORD', 'MYUNICWORD');
2.then add in php md5(ADDWORD +time());
3.Make query to database. :roll:
Out of curiosity, is this referring to a salt based on the date of registration?
Post Reply