Just noticed this on the index page -- ??

Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

News wrote:"But, but, but...MD5 is an encryption, right?" Nope, it's not. It's a hashed string. And it can easily brute-forced, now even more easily than ever

slashdot wrote:

"Sporting over 12 million entries, project GDataOnline is one of the largest non-RainbowTable based MD5 crackers on the internet. The database spans over 7 languages, 35 topics, and contains common mutations to words that include numbers and capitalization. Average crack time for 5 hashes: .04 seconds. No more waiting weeks for your results!"

Source: http://it.slashdot.org/article.pl?sid=05/08/21/1946254

If you still rely on MD5 for any kind of security: don't. SHA1 has been cracked as well, so your best bet is using PHP's crypt() function (and not use its MD5 hashing).
Almost every user-authentication thread I have read in here has supported the use of md5... what is this all about?
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Roja among others have talked copious amounts of times about the "breakage" of MD5 and all the related systems.. even that thread talks a lot about it and I bet this one will too. ;) Even searching the board for SHA256 (a much much more secure hash) pulls up 35 threads...
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

Test it with:

abcdefgh123

;)
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

That's crazy... so is there a new hashing method that is more secure? (Is it sha256?)
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

MD5 < SHA1 < SHA256
MD5 < MD5+salt
SHA1 < SHA1+salt
SHA256 < SHA256+salt

:)
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

Post by onion2k »

I don't hash my passwords anymore. I use MySQL's AES_ENCRYPT function instead. It's as secure as I need it to be and it means I have access to the passwords if necessary .. but it's not very portable.
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

Isn't the point not to know the password? If your decryption key is compromised, bye bye all the passwords. But if all they have are a bunch of hashes, they'll need to construct rainbow tables to figure 'em out.
Roja
Tutorials Group
Posts: 2692
Joined: Sun Jan 04, 2004 10:30 pm

Post by Roja »

feyd wrote:Roja among others have talked copious amounts of times about the "breakage" of MD5 and all the related systems.. even that thread talks a lot about it and I bet this one will too. ;) Even searching the board for SHA256 (a much much more secure hash) pulls up 35 threads...
Of course I will here too!
One armed space goat wrote:Almost every user-authenticate thread I have read in here has supported the use of md5... what is this all about?
I think we're going to have to update the md5 tutorial itself to mention this issue, because it comes up every week.

So, to review.. ( viewtopic.php?t=38409&highlight=md5+crack )
News wrote:"And it can easily brute-forced, now even more easily than ever
The statement that it can be more easily brute-forced than before is true, as multiple weaknesses have been found in it. However, the example you give ISN'T about that. It's a lookup table..
News wrote:"Sporting over 12 million entries, project GDataOnline is one of the largest non-RainbowTable based MD5 crackers on the internet. The database spans over 7 languages, 35 topics, and contains common mutations to words that include numbers and capitalization. Average crack time for 5 hashes: .04 seconds. No more waiting weeks for your results!"
That's not a cracker. That's a lookup table. Much like you wouldn't call Yahoo's map system a "Zip code cracker", you shouldn't call a rainbow table an "online md5 cracker". It looks up OUTPUT, based on INPUT.

That's why the old-timers suggest using salt in your hashes - it makes rainbow tables far less efficient (almost useless).

Imagine doing a zipcode lookup, but you have to add a random number to the zipcode - a random number that is only good once. And if you use the wrong zipcode, you find Florida instead of Ohio. That's why salt is so useful.
News wrote:If you still rely on MD5 for any kind of security: don't. SHA1 has been cracked as well, so your best bet is using PHP's crypt() function (and not use its MD5 hashing).
SHA1 has not been cracked.

They have found cryptographic weaknesses in the algorithm that reduce the strength of the hash by a non-trivial (*) amount, but that's not a crack.

However, the statement "You shouldn't use md5 or SHA1 anymore" isn't a terrible one: If possible, switch to sha-256, which has not yet had any breaches identified. (There is speculation that the same vulnerabilities affecting sha1 might OR might not affect sha-256, but even if it does, sha256 is so much stronger that it wouldn't matter much)

* Non-trivial meaning it's measurable, which is not the same as "turns my safe into a paper bag".
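An added example (not from the thread or any of its posters) that shows the distinction Roja draws above: a table precomputed from md5 output finds an unsalted hash by lookup, but a random per-user salt means the stored value is never a key into any table built in advance. The dictionary, passwords and function names are constructed for illustration.

```php
<?php
// Constructed "lookup table": maps md5(word) back to word for a tiny
// dictionary. The 12-million-entry service quoted above is just this at scale.
function buildLookupTable(array $dictionary): array {
    $table = [];
    foreach ($dictionary as $word) {
        $table[md5($word)] = $word;
    }
    return $table;
}

// Store a password the way the thread recommends: a fresh random salt for
// each user, hashed together with the password using sha256.
function storePassword(string $password): array {
    $salt = bin2hex(random_bytes(16));   // 128 bits, generated per user
    return ['salt' => $salt, 'hash' => hash('sha256', $salt . $password)];
}

// Recompute with the stored salt; hash_equals avoids timing leaks on compare.
function verifyPassword(string $password, array $record): bool {
    $candidate = hash('sha256', $record['salt'] . $password);
    return hash_equals($record['hash'], $candidate);
}

$dictionary = ['password', 'letmein', 'abcdefgh123'];   // constructed
$table      = buildLookupTable($dictionary);

// Unsalted md5: the stored value itself is the lookup key, so the table
// answers immediately without any "cracking".
$unsalted = md5('letmein');
echo "unsalted md5  -> ", $table[$unsalted] ?? 'not in table', "\n";

// Salted sha256: the table would have to be rebuilt for this one salt, and
// again for every other user's salt, so precomputation buys nothing.
$record = storePassword('letmein');
echo "salted sha256 -> ", $table[$record['hash']] ?? 'not in table', "\n";

// The legitimate login still verifies; a near miss does not.
var_dump(verifyPassword('letmein', $record));
var_dump(verifyPassword('letmeim', $record));
```

Current PHP also ships password_hash() and password_verify(), which generate the salt and apply a deliberately slow, work-factor hash; prefer them over a hand-rolled salted sha256 in new code.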
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

What if you did a sha256 hash of a md5 hash? Or even better yet a sha256 hash of an md5 hash that has been salted? Are these common practices?

It seems to me that a hash that is salted differently every time would be virtually uncrackable. Am I wrong?

Also, I didn't find any information about sha256 on php.net... can sha256 be used with php?
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

What if you did a sha256 hash of a md5 hash? Or even better yet a sha256 hash of an md5 hash that has been salted? Are these common practices?
No. MD5 hashes are a fixed length, so they'll never be any longer or shorter, which reduces the number of total possible inputs. Don't do it.
It seems to me that a hash that is salted differently every time would be virtually uncrackable. Am I wrong?
Nothing is virtually uncrackable.

Well, except one time pads. But in reality, they're crackable too. Just consider salts something that increases security.
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

No. MD5 hashes are a fixed length, so they'll never be any longer or shorter, which reduces the number of total possible inputs. Don't do it.
Thanks... I wouldn't have thought of that. I love this site. You guys are all so helpful.
Roja
Tutorials Group
Posts: 2692
Joined: Sun Jan 04, 2004 10:30 pm

Post by Roja »

One armed space goat wrote:What if you did a sha256 hash of a md5 hash?
In simple terms, you are adding a strong link to a weak fence. Focus on the strong parts - not the weak.

So no, it would reduce the security of sha256. You'd be better off doing just sha256.
One armed space goat wrote:Or even better yet a sha256 hash of an md5 hash that has been salted? Are these common practices?
Nope. You should stick to a single method for the best security.
One armed space goat wrote:It seems to me that a hash that is salted differently every time would be virtually uncrackable. Am I wrong?
In crypto circles they prefer the term "Infeasible". As in, while I could hook up every computer on the planet and break your puny codes, it wouldn't be feasible for me to do so.

What you've described is called a one-time pad. (Salting differently every time - only using a salt once). And yes, an OTP can be extremely secure.
One armed space goat wrote:Also, I didn't find any information about sha256 on php.net... can sha256 be used with php?
Search for sha256 on these forums. Feyd produced a fantastic sha256 library for php!
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

How about this idea? Good or bad?

When a user signs up for whatever it is that you are offering them, you generate a user password.
To create that password:

1) you take the last 8 characters of the hash of this:
time().array_of_random_stuff['randomnumber']

2) hash that value and store it in your database...
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

Personally, that annoys me. I'd rather have an email sent to me with a verification id, then click the link to fill in my password info and my account is enabled.
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

The last 8 characters of a hash is only 4,294,967,296 possible combinations.. that's a fairly small pool considering that's the equivalent of a 4-character password...