Storing passwords in database
Moderator: General Moderators
-
PhpMachine
- Forum Commoner
- Posts: 42
- Joined: Thu Apr 19, 2007 11:26 am
Storing passwords in database
Hi all
I've heard that the SHA-1 hash-algoritm is 50% "broken".
http://www.schneier.com/blog/archives/2 ... roken.html
What is the "best" way in creating passwords and store them in a database?
1. Password + salt (a random salt for each user, saved in clear-text):
sha1(pwd + random_salt)
2. Or something nested, like:
sha1(sha1(pdw) || md5(pwd+salt))
Is it more safe to combine the salt with another constant in the user-table?
For instance, an ID-column/registration_date?
And maybe it's time to replace sha1 with another hash-function?
For instance sha512 (64 characters)?
Thanks in advance
I've heard that the SHA-1 hash-algoritm is 50% "broken".
http://www.schneier.com/blog/archives/2 ... roken.html
What is the "best" way in creating passwords and store them in a database?
1. Password + salt (a random salt for each user, saved in clear-text):
sha1(pwd + random_salt)
2. Or something nested, like:
sha1(sha1(pdw) || md5(pwd+salt))
Is it more safe to combine the salt with another constant in the user-table?
For instance, an ID-column/registration_date?
And maybe it's time to replace sha1 with another hash-function?
For instance sha512 (64 characters)?
Thanks in advance
- dibyendrah
- Forum Contributor
- Posts: 491
- Joined: Wed Oct 19, 2005 5:14 am
- Location: Nepal
- Contact:
Why don't you use password function of mysql ?
Code: Select all
password('pass')- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
You are never supposed to use the password function in MySQL. They even say that right in the documentation.
Double hashing isn't more secure, in fact it's less.
If you want something reversible, go with an actual encryption like onion2k suggested, or use a higher power hash such as the SHA256 library I've provided for a few years now.
Double hashing isn't more secure, in fact it's less.
If you want something reversible, go with an actual encryption like onion2k suggested, or use a higher power hash such as the SHA256 library I've provided for a few years now.
-
PhpMachine
- Forum Commoner
- Posts: 42
- Joined: Thu Apr 19, 2007 11:26 am
-
PhpMachine
- Forum Commoner
- Posts: 42
- Joined: Thu Apr 19, 2007 11:26 am
Exactly
But which which one of them is the most secure one?
A very strong hash is then more secure than the encrypt method, right?
But which which one of them is the most secure one?
A very strong hash is then more secure than the encrypt method, right?
Last edited by PhpMachine on Sun Jun 17, 2007 9:28 am, edited 2 times in total.
-
PhpMachine
- Forum Commoner
- Posts: 42
- Joined: Thu Apr 19, 2007 11:26 am
Hi Feyd.
Im developing a website to a friend of mine that runs an own company.
In this websajt, users can register and buy products etc.
Im using MySQL and PHP (they both run on the same server in a DMZ).
Now I want to secure the passwords in the user-table to a higher level.
Right now I use only sha1(password), which is not good.
That is why I started this thread.
Now I think Im going to use either hash("sha256") or the encryption method
onion2k suggested.
I think it will be sha256 (with a salt), because an encrypted password is easy to decrypt
if the hacker finds the enc/dec-key.
Thank you for your replies.
Im developing a website to a friend of mine that runs an own company.
In this websajt, users can register and buy products etc.
Im using MySQL and PHP (they both run on the same server in a DMZ).
Now I want to secure the passwords in the user-table to a higher level.
Right now I use only sha1(password), which is not good.
That is why I started this thread.
Now I think Im going to use either hash("sha256") or the encryption method
onion2k suggested.
I think it will be sha256 (with a salt), because an encrypted password is easy to decrypt
if the hacker finds the enc/dec-key.
Thank you for your replies.
- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
You have two choices: be able to decrypt the password for the user, or not. Both methods have their merits. I can't make that decision for you.
If you're going to use sha256, I suggest you use the library I've built as it will use the hash() function if it's available, but if not, it will perform the hash itself.
If you're going to use sha256, I suggest you use the library I've built as it will use the hash() function if it's available, but if not, it will perform the hash itself.
2^69? That still is more than the expected complexity to find a collision in md5 ever was
(even if the effort for calculating one md5 hash was the same as for one sha-1 hash).
I'm not losing any sleep over having e.g. my forum or internet provider password stored as sha-1 ...yet. A brute-force over all ascii-8 passwords up to a length of 10, 12 or 14 characters is still far more efficient. It really depends on the level of security you need ... and for how long, e.g. is it important in 5 or 10 years?
And by the way, according to http://www.cryptography.com/cnews/hash.html the hmac versions are not affected.
And yes, a salt is a good idea. It is e.g. helpful against rainbow table attacks.
I'm not losing any sleep over having e.g. my forum or internet provider password stored as sha-1 ...yet. A brute-force over all ascii-8 passwords up to a length of 10, 12 or 14 characters is still far more efficient. It really depends on the level of security you need ... and for how long, e.g. is it important in 5 or 10 years?
And by the way, according to http://www.cryptography.com/cnews/hash.html the hmac versions are not affected.
And yes, a salt is a good idea. It is e.g. helpful against rainbow table attacks.
Once someone has access to the PHP code and the database then you have to consider that all the data is compromised regardless of what code you used to put them in there. If you've hashed the passwords using SHA256 for example, with a salt, then the attacker will know that (because they have the code), they'll know what salt you've used (because they have the code), and thus a basic brute force attack will break all the passwords in the database relatively quickly.PhpMachine wrote:If a person get access to the database and the PHP-code, then this person can decrypt the password easily.
If the attacker manages to only steal the database and the not the code then AES and SHA are about as good as one another.
The only thing you really need to decide on is whether or want to generate new passwords or retrieve the existing password if a user forgets theirs. I prefer to retrieve their existing password. I find it's friendlier, and it makes users less likely to change their password to something obvious.
- superdezign
- DevNet Master
- Posts: 4135
- Joined: Sat Jan 20, 2007 11:06 pm