MD5 - SHA512

Posted: Wed Apr 16, 2008 6:06 pm
by stu7398
Hi.
For my login and register pages I use 'MD5' encryption.
Someone suggested using 'SHA512'

What's the procedure in changing?

Thanks,
Stu.

Re: MD5 - SHA512

Posted: Wed Apr 16, 2008 6:19 pm
by s.dot
You cannot just switch md5()'d passwords to any other algorithm.

The procedure in changing would be to create two new database fields. One called password_sha and another called use_sha. On new or future logins, you calculate and store the sha hash of the inputted password, and update use_sha to 1. Then on logins, you check if the use_sha field is = 1, then you check against the passwords. If it is 0, then you update it to sha.

Re: MD5 - SHA512

Posted: Thu May 01, 2008 3:37 pm
by Apollo
Or... just use SHA from now on, storing any new or changed passwords as SHA hashes. Then in the checking procedure, allow both - check SHA first, and if that fails, check MD5 as well.

This way all existing passwords will keep working, and it's not a security flaw: SHA checksums are longer than MD5 so collisions are impossible.

Additionally, to get rid of the old hashes as soon as possible, you can replace the MD5 hash with the SHA hash whenever someone logs in using a password that fails the SHA check but passes MD5.

Re: MD5 - SHA512

Posted: Fri May 02, 2008 2:43 am
by Maugrim_The_Reaper
SHA collisions are not impossible ;). Just computationally prohibitive...

Most people switching use SHA256 AFAIK.

Re: MD5 - SHA512

Posted: Fri May 02, 2008 10:13 am
by Apollo
Maugrim_The_Reaper wrote: SHA collisions are not impossible ;)
Of course, but I meant collisions between old MD5 hashes and new SHA hashes. There's no increased risk by using SHA hashing for new passwords and still checking with MD5 checksums as well to keep old passwords working.

And sure - SHA256 is good enough, even SHA1 which is 160 bit will suffice by far for any reasonable usage. But if you're switching anyway, then I'd say why not switch to 512 bits right away :)

Re: MD5 - SHA512

Posted: Fri May 02, 2008 4:46 pm
by Mordred
Apollo wrote:
Maugrim_The_Reaper wrote: SHA collisions are not impossible ;)
Of course, but I meant collisions between old MD5 hashes and new SHA hashes. There's no increased risk by using SHA hashing for new passwords and still checking with MD5 checksums as well to keep old passwords working.

And sure - SHA256 is good enough, even SHA1 which is 160 bit will suffice by far for any reasonable usage. But if you're switching anyway, then I'd say why not switch to 512 bits right away :)
:offtopic:
Highly theoretical off topic:
Actually, if you have a method of generating a collision in MD5 or SHA, it is linearly harder to produce another collision. If you have a linearly harder method of generating collisions you can generate a great deal (in crypto terms) of them and find two of them that are also a collision in the other hash. Not that it's practically possible, but the interesting bit is that it's "only" linearly harder.

Re: MD5 - SHA512

Posted: Sat May 03, 2008 2:58 am
by Apollo
Mordred wrote: :offtopic:
Highly theoretical off topic:
Actually, if you have a method of generating a collision in MD5 or SHA, it is linearly harder to produce another collision. If you have a linearly harder method of generating collisions you can generate a great deal (in crypto terms) of them and find two of them that are also a collision in the other hash. Not that it's practically possible, but the interesting bit is that it's "only" linearly harder.
(still offtopic - but interesting indeed :))

Strange, is that really so? Wouldn't that depend on the collision generating algorithms? I mean, if the MD5-collision-generator works fundamentally different than the one for SHA, in the sense that it happens to create colliding data that is not likely at all to be also a SHA-collision, wouldn't it take much longer? (as in, essentially a brute force that isn't even guaranteed to find something?)

Re: MD5 - SHA512

Posted: Sat May 03, 2008 1:37 pm
by Mordred
I'm mistaken, mea culpa.
It is not linearly harder, it's much easier: with M more operations you get 2^M more collisions.

http://www.mail-archive.com/cryptograph ... 02611.html
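As an added illustration (not part of the thread) of the rate Mordred quotes, here is the standard multicollision argument for an iterated (Merkle-Damgård) hash such as MD5 or SHA, assuming an $n$-bit chaining value and a generic birthday search on the compression function:

Write the hash as $h_i = f(h_{i-1}, x_i)$, where $f$ is the compression function, $h_0$ is the fixed IV and each $h_i$ is $n$ bits. With $h_{i-1}$ fixed, a birthday search finds two distinct blocks $x_i \neq x_i'$ with

$$ f(h_{i-1}, x_i) = f(h_{i-1}, x_i') = h_i $$

in about $2^{n/2}$ evaluations of $f$. Repeating this from $h_i$ for the next block, $k$ stages in a row cost

$$ \text{work} \approx k \cdot 2^{n/2} $$

and, since either $x_i$ or $x_i'$ may be chosen independently at each of the $k$ stages without changing $h_k$, they yield

$$ 2^k \text{ distinct messages with the same hash}. $$

Each additional stage therefore adds a constant amount of work and doubles the colliding set, which is the "M more operations, $2^M$ more collisions" rate (Joux, CRYPTO 2004). For a defender the lesson is the one Mordred draws: the extra security of a longer digest against multicollisions is much less than its length suggests, so the migration value lies in moving off a broken function, not in the digest size as such.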

Re: MD5 - SHA512

Posted: Thu May 08, 2008 5:41 am
by kb0000
You can do one thing.
Whenever a user logs in, ask him/her to update the password. When the user updates the password, use SHA to store it.

KB

Re: MD5 - SHA512

Posted: Thu May 08, 2008 6:13 am
by Apollo
kb0000 wrote: You can do one thing.
Whenever a user logs in, ask him/her to update the password. When the user updates the password, use SHA to store it.
No need to, if the user enters his current password you can simply take the MD5 and the SHA hash from it. If you find the MD5 hash in the database, replace it with the SHA hash.

Re: MD5 - SHA512

Posted: Mon May 12, 2008 9:14 am
by Bruno De Barros
Pseudocode:

Code:

<?php
// Assumed inputs: $post_pass from the login form, $saved_md5_pass and
// $saved_sha512_pass from the user's row (null when that column is empty).
if ($saved_md5_pass !== null && md5($post_pass) === $saved_md5_pass) {
  # This will only happen once, when the user's password still hasn't been sha512'ed.
  $new_hash = hash('sha512', $post_pass);
  store_saved_sha512_pass($new_hash);      // your own DB function: write the new hash
  remove_saved_md5_pass($saved_md5_pass);  // your own DB function: clear the old MD5 hash
  login();
} elseif ($saved_sha512_pass !== null && hash('sha512', $post_pass) === $saved_sha512_pass) {
  login();
} else {
  print "What? Are you trying to login with a wrong password, punk???";
}

This brings me to another question: What sha512 functions / methods are there? Does the hash() function have sha512? What is the current PHP support for that kind of hashing?
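Added example, not code from the thread, of the upgrade-on-login pattern Apollo and Bruno describe: the SHA-512 hash is checked first, MD5 is only a fallback, and the row is rewritten the one time the fallback succeeds, so a migrated user never touches the MD5 path again. The row layout (password_md5 / password_sha512 columns), the $save callback and the sample password are assumptions; it is written for PHP 7 or later, and hash_equals() needs at least PHP 5.6.

```php
<?php
// Added example: migrate MD5 password hashes to SHA-512 transparently at login.
// Assumed: $row is the user's record with 'password_md5' and 'password_sha512'
// (null when empty); $save is a hypothetical callback that writes the row back.

function sha512_hex(string $password): string {
    return hash('sha512', $password);
}

/**
 * Verify $password against the stored hashes. Returns true when the login
 * should be accepted. $save is invoked only when an MD5 row was migrated.
 */
function verify_and_migrate(array $row, string $password, callable $save): bool {
    // Prefer the new hash; hash_equals() avoids leaking timing on the comparison.
    if ($row['password_sha512'] !== null
        && hash_equals($row['password_sha512'], sha512_hex($password))) {
        return true;
    }
    // Legacy path for users who have not logged in since the switch.
    if ($row['password_md5'] !== null
        && hash_equals($row['password_md5'], md5($password))) {
        // Runs once per user: store the SHA-512 hash and drop the MD5 one,
        // so the weaker hash stops existing as soon as the user shows up.
        $row['password_sha512'] = sha512_hex($password);
        $row['password_md5'] = null;
        $save($row);
        return true;
    }
    return false;
}

// Constructed demo: a user whose row still holds only the MD5 hash.
$row = ['id' => 1, 'password_md5' => md5('correct horse'), 'password_sha512' => null];
$save = function (array $updated) use (&$row) { $row = $updated; };

var_dump(verify_and_migrate($row, 'wrong', $save));          // rejected, row untouched
var_dump(verify_and_migrate($row, 'correct horse', $save));  // accepted via MD5, row migrated
var_dump($row['password_md5'] === null);                     // MD5 hash is gone
var_dump(verify_and_migrate($row, 'correct horse', $save));  // accepted via SHA-512 path
```

Swapping sha512_hex() for whatever the new scheme is keeps the rest of the function unchanged, so the same code migrates to any stronger hash.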

Re: MD5 - SHA512

Posted: Wed May 21, 2008 2:06 am
by Apollo
Bruno De Barros wrote: This brings me to another question: What sha512 functions / methods are there? Does the hash() function have sha512? What is the current PHP support for that kind of hashing?
mhash should do the trick in PHP4 and 5. To enumerate available hash algorithms, use mhash_get_hash_count and mhash_get_hash_name.

Re: MD5 - SHA512

Posted: Wed May 21, 2008 7:52 am
by Maugrim_The_Reaper
PHP5's hash() has a wide range of supported hashing algorithms. mhash use is preferable if you are on PHP4 still.

Re: MD5 - SHA512

Posted: Thu May 22, 2008 10:14 pm
by Bruno De Barros
Oh my god, is hash() only PHP 5? I've been using it for so long, I didn't even notice that (of course I've been coding in PHP 5 for loads of time, but nevertheless...). So that's why my old IDE didn't have the hash() function xD.