Using new password_hash/verify

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
Eric!
DevNet Resident
Posts: 1146
Joined: Sun Jun 14, 2009 3:13 pm

Using new password_hash/verify

Post by Eric! »

I'm a little confused on how the automatic salt is supposed to work for the new PHP5.5 functions for hashing. The manual says: [text]It is strongly recommended that you do not generate your own salt for this function. It will create a secure salt automatically for you if you do not specify one. [/text]
This is something I've always used something like:

Code: Select all

mcrypt_create_iv(22, MCRYPT_DEV_URANDOM)
to build. Then I store the salt separately along with the password for verification later.

How does this work with allowing PHP to manage the salts? Or is this "secure salt" really a site-wide salt which is more like a pepper? Where does it get stored?
User avatar
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: Using new password_hash/verify

Post by Celauran »

Works similarly to how bcrypt has, with all the information in the hashed password.

From password_verify() manual page:
Note that password_hash() returns the algorithm, cost and salt as part of the returned hash. Therefore, all information that's needed to verify the hash is included in it. This allows the verify function to verify the hash without needing separate storage for the salt or algorithm information.
Eric!
DevNet Resident
Posts: 1146
Joined: Sun Jun 14, 2009 3:13 pm

Re: Using new password_hash/verify

Post by Eric! »

Right, but I don't see how that is supposed to help slow down rainbow table bruteforce attacks. The idea of the salt is to help strengthen each individual password with its own randomness. So every password is hashed with a fresh salt. These have to be stored somewhere and applied when verifying the password.

I would have to assume that password_hash reuses the same salt each time as it couldn't store a hidden salt somewhere every time it hashs. To me this means it is using some kind of pepper scheme, not a salt.

I read the author's description, so I guess I'll go in and have a look at the source code.
User avatar
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Re: Using new password_hash/verify

Post by Weirdan »

I would have to assume that password_hash reuses the same salt each time as it couldn't store a hidden salt somewhere every time it hashs.
with all the information in the hashed password.
and no, it generates different hashes each time it's called:

Code: Select all

~❯ php -r 'var_dump(password_hash("password", PASSWORD_DEFAULT));'
string(60) "$2y$10$GZGQxfLEw84kT7xMsnF2.ub9nv6MJLp..HVdkMlhvp3OqyXdKACX."
~❯ php -r 'var_dump(password_hash("password", PASSWORD_DEFAULT));'
string(60) "$2y$10$tXCspX1WTpEy5Z8/n3PKz.Zn7r7ZiLOH00ds9ZrgJUgmq703jmAdK"
Salt is 22 characters following the last $ character. The rest is the hashed password.
Eric!
DevNet Resident
Posts: 1146
Joined: Sun Jun 14, 2009 3:13 pm

Re: Using new password_hash/verify

Post by Eric! »

Thanks. I saw that after looking through the source. That $2y is blowfish $10 is the cost then the salt+hash. My meager cryptography knowledge confused me with the language of the description that the "salt is included in the hash". I was thinking along the lines of other php hash functions

Code: Select all

$hash=hash('whirlpool',$salt.$string)
and there was no way to separate them after hashing. But they are doing it the crypt way where it is concatenated.
Post Reply