Passwords

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
toasty2
Forum Contributor
Posts: 361
Joined: Wed Aug 03, 2005 10:28 am
Location: Arkansas, USA

Passwords

Post by toasty2 »

How should I hash passwords? Just use crypt? Use crypt with one of the other encryptions? Something else?
User avatar
Oren
DevNet Resident
Posts: 1640
Joined: Fri Apr 07, 2006 5:13 am
Location: Israel

Post by Oren »

User avatar
The Phoenix
Forum Contributor
Posts: 294
Joined: Fri Oct 06, 2006 8:12 pm

Re: Passwords

Post by The Phoenix »

toasty2 wrote:How should I hash passwords? Just use crypt? Use crypt with one of the other encryptions? Something else?
Crypt is reversible. Hashes are not.

You want hashes, as they are not reversible, so an attacker with control of the database cannot extract the plain-text version of users passwords.

md5, sha1, sha256/512/etc all work well.
toasty2
Forum Contributor
Posts: 361
Joined: Wed Aug 03, 2005 10:28 am
Location: Arkansas, USA

Post by toasty2 »

So, is using:

Code: Select all

hash('sha512', $password);
good?
User avatar
dbevfat
Forum Contributor
Posts: 126
Joined: Tue Jun 28, 2005 2:47 pm
Location: Ljubljana, Slovenia

Post by dbevfat »

It'd be better if you added some salt. Did you read the article that Oren linked?
timgolding
Forum Newbie
Posts: 14
Joined: Tue Jul 24, 2007 9:02 am

Post by timgolding »

toasty2 wrote:So, is using:

Code: Select all

hash('sha512', $password);
good?
this is still susceptible to dictionary attacks.
grant
Forum Newbie
Posts: 3
Joined: Sat Aug 04, 2007 3:57 am

Post by grant »

MD5 Salt hashing is the way to go. Don't just MD5 your passwords Salt them too.

Google can provide many examples. Means if someone dumps all your passwords then your passwords will be secure.
User avatar
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Post by superdezign »

grant wrote:MD5 Salt hashing is the way to go. Don't just MD5 your passwords Salt them too.
I think anything-stronger-than-MD5 salt hashing is a better way to go. ;)
RhapX
Forum Commoner
Posts: 30
Joined: Mon Dec 05, 2005 5:24 pm
Location: Seattle, Washington

Post by RhapX »

grant wrote:MD5 Salt hashing is the way to go. Don't just MD5 your passwords Salt them too.

Google can provide many examples. Means if someone dumps all your passwords then your passwords will be secure.
MD5 can be cracked, sha1 is the way to go.
User avatar
hawleyjr
BeerMod
Posts: 2170
Joined: Tue Jan 13, 2004 4:58 pm
Location: Jax FL & Spokane WA USA

Post by hawleyjr »

User avatar
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Post by superdezign »

RhapX wrote:MD5 can be cracked, sha1 is the way to go.
As in reversed? Are you certain? That's a rumor I've heard, but I haven't seen any proof of it, yet.
User avatar
The Phoenix
Forum Contributor
Posts: 294
Joined: Fri Oct 06, 2006 8:12 pm

Post by The Phoenix »

superdezign wrote:
RhapX wrote:MD5 can be cracked, sha1 is the way to go.
As in reversed? Are you certain? That's a rumor I've heard, but I haven't seen any proof of it, yet.
Reversed isn't correct. Predicted and repeated with different inputs is.

Two of the strengths of hashes is that they are unique, and that they aren't (generally) predictable. MD5 has fallen to both. That means you can get an MD5sum for your favorite OS (OpenBSD? Linux?), and it might not mean your copy hasn't been tampered with. (I could generate a new image with a rootkit pre-installed, for example).

Thats bad, depending on the application of the hash. SHA1 has also had substantial compromises in the last few years as well. SHA-256 and above are the current suggested solutions for hashing in most security circles.

As to proof, google for "MD5 broken paper", and you'll find plenty of discussion (and links) to the papers from 2005 that led to most of the compromises. Its very real.
User avatar
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Post by superdezign »

The Phoenix wrote:Two of the strengths of hashes is that they are unique, and that they aren't (generally) predictable. MD5 has fallen to both.
Is that a flaw of the algorithm or of the length of the hash?

Edit: So they found ways to reliably fake the same hash? Whoa.. why bother knowing a password if you can just make up one that works. :/
User avatar
The Phoenix
Forum Contributor
Posts: 294
Joined: Fri Oct 06, 2006 8:12 pm

Post by The Phoenix »

superdezign wrote:Is that a flaw of the algorithm or of the length of the hash?

Edit: So they found ways to reliably fake the same hash? Whoa.. why bother knowing a password if you can just make up one that works. :/
In the case of MD5, its the algorithm. In the case of SHA, I don't think there is a clear answer. The length of the hash makes it less likely to occur, but it is due to a flaw in the algorithm. So, both, I guess?

And yes, thats the problem. MD5 is broken, broken, broken. Even if it wasn't, it can be reliably brute-forced relatively quickly for most reasonable inputs thanks to the incredible increases in processing speeds.

SHA on the other hand is still relatively strong for most reasonable uses. The level at which it isn't is pretty much exactly the level where you should be looking at SSL or similar transports to obviate the need for a (weaker) hash.
Post Reply