Page 1 of 1

password hashing

Posted: Wed May 02, 2012 7:43 am
by nameless.1
I've been searching and reading for the last 2 days about PHP password Cryptographic hashing.

The most common and secure functions I came across were sha256/512 , bcrypt , HMAC , PBKDF2(Password-Based Key Derivation Function) and PHPass.

From what I've been reading speed is an enemy (http://codahale.com/how-to-safely-store-a-password/)
So I've been looking for the "slowest" secure hashing algorithm which I found is bcrypt and PHPass (http://www.openwall.com/phpass/).

Now I can't make up my mind which one to use. :?:
What do you guys think? Which one should I go with and why?

Just to make sure:
1. bcrypt = crypt_blowfish right ?
2. bcrypt and PHPass are both hash + salt functions ? I mean I don't have to add salt, they already have the salt function built-in.

Thanks in advance!

Re: password hashing

Posted: Wed May 02, 2012 9:01 am
by Celauran
PHPass implements Blowfish when it's available, so it's the better choice. If Blowfish isn't available, it will make use of what is available whereas implementing crypt() directly would fail if Blowfish weren't available.

Re: password hashing

Posted: Wed May 02, 2012 9:49 am
by pickle
I don't know if there's any reason to use a 3rd party library when decent hashing is built-in.

Re: password hashing

Posted: Wed May 02, 2012 10:29 am
by Celauran
There is decent hashing built in, but what's available will depend on each server's configuration. You want to use blowfish when it's available, but you need a contingency for when it's not. You could certainly create your own library to handle this, but I'd sooner use something tried and tested. Surely a library developed and maintained by many people and subject to peer review will be better than anything I could manage alone. Plus, it saves me from having to waste time writing boiler plate code and allows me to get right to work on the project at hand.

Re: password hashing

Posted: Wed May 02, 2012 10:32 am
by pickle
Good point, if you're running 5.3-. From 5.3 on, PHP provides it's own implementation of the algorithms if the system doesn't provide them.

Re: password hashing

Posted: Wed May 02, 2012 10:37 am
by Celauran
pickle wrote:From 5.3 on, PHP provides it's own implementation of the algorithms if the system doesn't provide them.
I was not aware of this. Good to know.

Re: password hashing

Posted: Wed May 02, 2012 10:41 am
by pickle
I didn't until this morning either.

Re: password hashing

Posted: Fri May 04, 2012 10:40 pm
by cpellens
Any hash that uses a salt should be pretty sure. Even md5 should do just fine.

Re: password hashing

Posted: Sat May 05, 2012 7:17 am
by Celauran
cpellens wrote:Any hash that uses a salt should be pretty sure. Even md5 should do just fine.
Read the article the OP linked. md5 is worthless.

Re: password hashing

Posted: Mon May 07, 2012 3:26 am
by Mordred
With a deliberately slow hashing scheme, you can hit a performance problem if you hash on the server side; someone could DoS your auth server with a low volume of requests. Moving hashing to the client is not trivial though: if you simply send the hashed password, you turn your auth system into a plaintext one.

An additional mitigation tactic that would help against bruteforcing attacks is to use a site-wide "pepper" hardcoded in the source. A successful attack would then require access not only to the database, but to your source as well. The article in my sig discusses this in more detail.

Also, while MD5 is "too fast", you can still use it on legacy systems (and poorly featured browser hashing libraries) with appropriate [url=http://en.wikipedia.org/wiki/Key_stretching]key stretching[/key]. That said, using a modern hash like SHA256 is better.