MD5 - SHA512

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

stu7398
Forum Newbie
Posts: 2
Joined: Wed Apr 16, 2008 5:14 pm

MD5 - SHA512

Post by stu7398 »

Hi.
For my login and register pages I use 'MD5' encryption.
Someone suggested using 'SHA512'

What's the procedure in changing?

Thanks,
Stu.
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Re: MD5 - SHA512

Post by s.dot »

You cannot just switch md5()'d passwords to any other algorithm.

The procedure in changing would be to create two new database fields. One called password_sha and another called use_sha. On new or future logins, you calculate and store the sha hash of the inputted password, and update use_sha to 1. Then on logins, you check if the use_sha field is = 1, then you check against the passwords. If it is 0, then you update it to sha.
Apollo
Forum Regular
Posts: 794
Joined: Wed Apr 30, 2008 2:34 am

Re: MD5 - SHA512

Post by Apollo »

Or... just use SHA from now on, storing any new or changed passwords as SHA hashes. Then in the checking procedure, allow both - check SHA first, and if that fails, check MD5 as well.

This way all existing passwords will keep working, and it's not a security flaw: SHA checksums are longer than MD5 so collisions are impossible.

Additionally, to get rid of the old hashes as soon as possible, you can replace the MD5 hash with the SHA hash whenever someone logs in using a password that fails the SHA check but passes MD5.
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Re: MD5 - SHA512

Post by Maugrim_The_Reaper »

SHA collisions are not impossible ;). Just computationally prohibitive...

Most people switching use SHA256 AFAIK.
Apollo
Forum Regular
Posts: 794
Joined: Wed Apr 30, 2008 2:34 am

Re: MD5 - SHA512

Post by Apollo »

Maugrim_The_Reaper wrote: SHA collisions are not impossible ;)
Of course, but I meant collisions between old MD5 hashes and new SHA hashes. There's no increased risk by using SHA hashing for new passwords and still checking with MD5 checksums as well to keep old passwords working.

And sure - SHA256 is good enough, even SHA1 which is 160 bit will suffice by far for any reasonable usage. But if you're switching anyway, then I'd say why not switch to 512 bits right away :)
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: MD5 - SHA512

Post by Mordred »

Apollo wrote:
Maugrim_The_Reaper wrote: SHA collisions are not impossible ;)
Of course, but I meant collisions between old MD5 hashes and new SHA hashes. There's no increased risk by using SHA hashing for new passwords and still checking with MD5 checksums as well to keep old passwords working.

And sure - SHA256 is good enough, even SHA1 which is 160 bit will suffice by far for any reasonable usage. But if you're switching anyway, then I'd say why not switch to 512 bits right away :)
Highly theoretical off topic:
Actually, if you have a method of generating a collision in MD5 or SHA, it is linearly harder to produce another collision. If you have a linearly harder method of generating collisions you can generate a great deal (in crypto terms) of them and find two of them that are also a collision in the other hash. Not that it's practically possible, but the interesting bit is that it's "only" linearly harder.
Apollo
Forum Regular
Posts: 794
Joined: Wed Apr 30, 2008 2:34 am

Re: MD5 - SHA512

Post by Apollo »

Mordred wrote:
Highly theoretical off topic:
Actually, if you have a method of generating a collision in MD5 or SHA, it is linearly harder to produce another collision. If you have a linearly harder method of generating collisions you can generate a great deal (in crypto terms) of them and find two of them that are also a collision in the other hash. Not that it's practically possible, but the interesting bit is that it's "only" linearly harder.
(still offtopic - but interesting indeed :))

Strange, is that really so? Wouldn't that depend on the collision generating algorithms? I mean, if the MD5-collision-generator works fundamentally different than the one for SHA, in the sense that it happens to create colliding data that is not likely at all to be also a SHA-collision, wouldn't it take much longer? (as in, essentially a brute force that isn't even guaranteed to find something?)
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: MD5 - SHA512

Post by Mordred »

I'm mistaken, mea culpa.
It is not linearly harder, it's much easier: with M more operations you get 2^M more collisions.

http://www.mail-archive.com/cryptograph ... 02611.html
kb0000
Forum Newbie
Posts: 4
Joined: Thu May 08, 2008 5:31 am

Re: MD5 - SHA512

Post by kb0000 »

You can do one thing.
Whenever a user logs in, ask him/her to update the password. When the user updates the password, use SHA to store it.

KB
Apollo
Forum Regular
Posts: 794
Joined: Wed Apr 30, 2008 2:34 am

Re: MD5 - SHA512

Post by Apollo »

kb0000 wrote: You can do one thing.
Whenever a user logs in, ask him/her to update the password. When the user updates the password, use SHA to store it.
No need to, if the user enters his current password you can simply take the MD5 and the SHA hash from it. If you find the MD5 hash in the database, replace it with the SHA hash.
Bruno De Barros
Forum Commoner
Posts: 82
Joined: Mon May 12, 2008 8:41 am
Location: Ireland

Re: MD5 - SHA512

Post by Bruno De Barros »

Pseudocode:

if (md5(POST_PASS) == SAVED_MD5_PASS) {
  # This will only happen once, when the user's password still hasn't been sha512'ed.
  save_sha512_pass(sha512(POST_PASS)); # store the new hash (hypothetical helper)
  remove_saved_md5_pass(md5(POST_PASS));
  login();
} elseif (sha512(POST_PASS) == SAVED_SHA512_PASS) {
  login();
} else {
  print "What? Are you trying to login with a wrong password, punk???";
}
 
This brings me to another question: What sha512 functions / methods are there? Does the hash() function have sha512? What is the current PHP support for that kind of hashing?
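
The login-time upgrade discussed in this thread, written out as runnable PHP; this is an added example, not code from any poster, and it keeps the thread's plain SHA-512 scheme. Assumptions: the record fields `md5_pass` and `sha512_pass`, the function name `verify_and_upgrade()`, the constructed sample records, and PHP 7.1 or later (for `hash_equals()` and array destructuring).

```php
<?php
// Added example: login-time MD5 -> SHA-512 upgrade as described in this thread.
// Field names (md5_pass, sha512_pass) and verify_and_upgrade() are hypothetical.

/**
 * Check $password against a user record; on a legacy MD5 match, swap in SHA-512.
 * Returns [bool $ok, array $record]. The caller saves $record when it changed.
 */
function verify_and_upgrade(string $password, array $record): array
{
    $sha = hash('sha512', $password);

    // Migrated account: only the SHA-512 hash is accepted.
    if ($record['sha512_pass'] !== null) {
        return [hash_equals($record['sha512_pass'], $sha), $record];
    }

    // Legacy account: the MD5 hash is honoured once, then replaced.
    if ($record['md5_pass'] !== null
        && hash_equals($record['md5_pass'], md5($password))) {
        $record['sha512_pass'] = $sha;
        $record['md5_pass'] = null; // the old hash no longer opens the account
        return [true, $record];
    }

    return [false, $record];
}

// Constructed sample records standing in for database rows.
$users = [
    'old' => ['md5_pass' => md5('hunter2'), 'sha512_pass' => null],
    'new' => ['md5_pass' => null, 'sha512_pass' => hash('sha512', 'correct horse')],
];

$attempts = [['old', 'wrong'], ['old', 'hunter2'], ['old', 'hunter2'], ['new', 'correct horse']];
foreach ($attempts as [$name, $password]) {
    [$ok, $updated] = verify_and_upgrade($password, $users[$name]);
    $users[$name] = $updated;
    $stored = $updated['sha512_pass'] !== null ? 'sha512' : 'md5';
    echo $name, ': ', $ok ? 'accepted' : 'rejected', ', stored as ', $stored, "\n";
}
```

Because a migrated record is only ever compared against its SHA-512 field, the MD5 path stops being reachable for an account after its first successful login.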
Apollo
Forum Regular
Posts: 794
Joined: Wed Apr 30, 2008 2:34 am

Re: MD5 - SHA512

Post by Apollo »

Bruno De Barros wrote: This brings me to another question: What sha512 functions / methods are there? Does the hash() function have sha512? What is the current PHP support for that kind of hashing?
mhash should do the trick in PHP4 and 5. To enumerate available hash algorithms, use mhash_get_hash_count and mhash_get_hash_name.
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Re: MD5 - SHA512

Post by Maugrim_The_Reaper »

PHP5's hash() has a wide range of supported hashing algorithms. mhash use is preferable if you are on PHP4 still.
Bruno De Barros
Forum Commoner
Posts: 82
Joined: Mon May 12, 2008 8:41 am
Location: Ireland

Re: MD5 - SHA512

Post by Bruno De Barros »

Oh my god, is hash() only PHP 5? I've been using it for so long, I didn't even notice that (of course I've been coding in PHP 5 for loads of time, but nevertheless...). So that's why my old IDE didn't have the hash() function xD.