Page 1 of 1

Using new password_hash/verify

Posted: Mon Nov 18, 2013 9:30 pm
by Eric!
I'm a little confused on how the automatic salt is supposed to work for the new PHP5.5 functions for hashing. The manual says: [text]It is strongly recommended that you do not generate your own salt for this function. It will create a secure salt automatically for you if you do not specify one. [/text]
This is something I've always used something like:

Code: Select all

mcrypt_create_iv(22, MCRYPT_DEV_URANDOM)
to build. Then I store the salt separately along with the password for verification later.

How does this work with allowing PHP to manage the salts? Or is this "secure salt" really a site-wide salt which is more like a pepper? Where does it get stored?

Re: Using new password_hash/verify

Posted: Tue Nov 19, 2013 5:23 am
by Celauran
Works similarly to how bcrypt has, with all the information in the hashed password.

From password_verify() manual page:
Note that password_hash() returns the algorithm, cost and salt as part of the returned hash. Therefore, all information that's needed to verify the hash is included in it. This allows the verify function to verify the hash without needing separate storage for the salt or algorithm information.

Re: Using new password_hash/verify

Posted: Tue Nov 19, 2013 11:33 am
by Eric!
Right, but I don't see how that is supposed to help slow down rainbow table bruteforce attacks. The idea of the salt is to help strengthen each individual password with its own randomness. So every password is hashed with a fresh salt. These have to be stored somewhere and applied when verifying the password.

I would have to assume that password_hash reuses the same salt each time as it couldn't store a hidden salt somewhere every time it hashs. To me this means it is using some kind of pepper scheme, not a salt.

I read the author's description, so I guess I'll go in and have a look at the source code.

Re: Using new password_hash/verify

Posted: Tue Nov 19, 2013 12:11 pm
by Weirdan
I would have to assume that password_hash reuses the same salt each time as it couldn't store a hidden salt somewhere every time it hashs.
with all the information in the hashed password.
and no, it generates different hashes each time it's called:

Code: Select all

~❯ php -r 'var_dump(password_hash("password", PASSWORD_DEFAULT));'
string(60) "$2y$10$GZGQxfLEw84kT7xMsnF2.ub9nv6MJLp..HVdkMlhvp3OqyXdKACX."
~❯ php -r 'var_dump(password_hash("password", PASSWORD_DEFAULT));'
string(60) "$2y$10$tXCspX1WTpEy5Z8/n3PKz.Zn7r7ZiLOH00ds9ZrgJUgmq703jmAdK"
Salt is 22 characters following the last $ character. The rest is the hashed password.

Re: Using new password_hash/verify

Posted: Tue Nov 19, 2013 3:27 pm
by Eric!
Thanks. I saw that after looking through the source. That $2y is blowfish $10 is the cost then the salt+hash. My meager cryptography knowledge confused me with the language of the description that the "salt is included in the hash". I was thinking along the lines of other php hash functions

Code: Select all

$hash=hash('whirlpool',$salt.$string)
and there was no way to separate them after hashing. But they are doing it the crypt way where it is concatenated.