I'm interested in salting my hashed passwords...

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

I'm interested in salting my hashed passwords...

Post by Luke »

I have always stored my passwords in a database as a sha1 hash. I generally haven't salted these hashes mostly because I'm lazy, but also because I don't know enough about the subject to do it properly. I do know that it's best to give each user their own unique salt, but how do you store the salt in that case? Forgive my complete lack of knowledge on the subject.
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Re: I'm interested in salting my hashed passwords...

Post by Chris Corbyn »

It's pretty easy, but there's one serious gotcha... don't store the salt as character data in MySQL, store it as binary data, since it really screws up when you switch character sets and MySQL decides to try transcoding it.

Adding the salt can be done in various ways. I'm sure some more crypto experts here will post better ways but this works:

$normalHash = md5($password);
$saltedHash = md5($normalHash . $salt);
Where $salt is just a few random bytes:

// three random bytes; note that rand() is not a cryptographic RNG
$salt = chr(rand(0, 255)) . chr(rand(0, 255)) . chr(rand(0, 255));
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Re: I'm interested in salting my hashed passwords...

Post by Luke »

So it's ok to just store the salt in the database? It doesn't matter if the salt's value is exposed in the database? Like I said, I'm not very knowledgeable in this area :oops:
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Re: I'm interested in salting my hashed passwords...

Post by Chris Corbyn »

Luke wrote: So it's ok to just store the salt in the database? It doesn't matter if the salt's value is exposed in the database? Like I said, I'm not very knowledgeable in this area :oops:

You need to store it in the database, otherwise you can't re-use it ;) I'm not very knowledgeable in this area either, but I know if you don't have the salt stored with the hash you ain't gonna be able to generate a valid hash again ;)
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Re: I'm interested in salting my hashed passwords...

Post by Luke »

I understand that, I am just wondering.. if my database is compromised, and the "bad guys" have access to the salt value, doesn't that defeat the purpose? I don't get it.
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Re: I'm interested in salting my hashed passwords...

Post by Chris Corbyn »

I'm pretty sure there's no real problem having the salt available with the hash. Why you're best having one salt per user is probably something to do with removing any consistency should an attacker find a way to break the hashes... though reversing a hash is not very easily done and yields any number of possible values in any case.

I think I'm best not answering your security concerns... I don't know basically :P
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Re: I'm interested in salting my hashed passwords...

Post by Luke »

I have seen salts stored in the database before, so I believe you are right. You are also right about why it's best to give each record its own salt.
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Re: I'm interested in salting my hashed passwords...

Post by Luke »

I do know it's never a good idea to hash twice though because it actually reduces security if you do. So never do sha1(md5($password)) or anything like that.
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Re: I'm interested in salting my hashed passwords...

Post by Benjamin »

If you have a table full of hashed passwords with no salt, or even with the same salt, it's easy to create a rainbow table to break the passwords. Using a different salt with each stored password prevents the use of a rainbow table. The attacker would need to attack each password individually.
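As an added example (not code from the thread) tying Chris Corbyn's salt snippet to Benjamin's point about per-user salts: the salt comes from a CSPRNG, is kept as raw bytes next to the hash, and two users with the same password end up with unrelated rows. The table layout, column names and function names are assumptions.

```php
<?php
// Added example, not from the thread. Assumes a users table with the columns
// salt VARBINARY(16) and hash BINARY(32); store both as binary, never as text.
declare(strict_types=1);

const SALT_BYTES = 16; // 128 bits from a CSPRNG, not rand()

// Build the row for a new password: a fresh salt plus hash(salt . password).
function makeRecord(string $password): array
{
    $salt = random_bytes(SALT_BYTES);
    // $binary = true returns raw bytes, which go into the BINARY column as-is.
    $hash = hash('sha256', $salt . $password, true);
    return ['salt' => $salt, 'hash' => $hash];
}

// Recompute with the stored salt and compare in constant time.
function verifyPassword(string $password, array $record): bool
{
    $candidate = hash('sha256', $record['salt'] . $password, true);
    return hash_equals($record['hash'], $candidate);
}

// Storing the row with PDO: bind the raw bytes as a LOB so no transcoding
// is applied on the way into MySQL (assumed table name "users").
function storeRecord(PDO $db, string $username, array $record): void
{
    $stmt = $db->prepare('INSERT INTO users (username, salt, hash) VALUES (?, ?, ?)');
    $stmt->bindValue(1, $username, PDO::PARAM_STR);
    $stmt->bindValue(2, $record['salt'], PDO::PARAM_LOB);
    $stmt->bindValue(3, $record['hash'], PDO::PARAM_LOB);
    $stmt->execute();
}

// Two users with the same password get different rows, so one precomputed
// table of hash(password) values (a rainbow table) matches neither of them;
// an attacker has to start over for every salt.
$alice = makeRecord('correct horse');
$bob   = makeRecord('correct horse');
var_dump($alice['hash'] !== $bob['hash']);
var_dump(verifyPassword('correct horse', $alice));
var_dump(verifyPassword('wrong', $alice));

// Current PHP: password_hash() generates the salt and embeds it in the returned
// string, and bcrypt is deliberately slow, unlike a single salted MD5/SHA.
$stored = password_hash('correct horse', PASSWORD_BCRYPT);
var_dump(password_verify('correct horse', $stored));
```

A per-user salt stops precomputation but not brute force against one row, which is why the last two lines matter more than the salt length.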
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: I'm interested in salting my hashed passwords...

Post by kaisellgren »

You must assume that an imaginary attacker has your hashes including salts (a full database access). Luke, I think you might want to read this: http://www.phptalk.net/2009/01/24/every ... and-myths/
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Re: I'm interested in salting my hashed passwords...

Post by Luke »

Thanks Kai! That looks like an excellent write-up. I'm going to read it as soon as I get home from work. :-D
papa
Forum Regular
Posts: 958
Joined: Wed Aug 27, 2008 3:36 am
Location: Sweden/Sthlm

Re: I'm interested in salting my hashed passwords...

Post by papa »

kaisellgren wrote: You must assume that an imaginary attacker has your hashes including salts (a full database access). Luke, I think you might want to read this: http://www.phptalk.net/2009/01/24/every ... and-myths/

Very nice article Kai!
Eran
DevNet Master
Posts: 3549
Joined: Fri Jan 18, 2008 12:36 am
Location: Israel, ME

Re: I'm interested in salting my hashed passwords...

Post by Eran »

Nice article.

I didn't understand this part though:

"The sufficient length of a salt is length(hash)/8 bytes"

Hash length is measured in bits and a byte is 8 bits. If you divide by 8 and then multiply by 8 you end up with the same number... what am I missing?
josh
DevNet Master
Posts: 4872
Joined: Wed Feb 11, 2004 3:23 pm
Location: Palm beach, Florida

Re: I'm interested in salting my hashed passwords...

Post by josh »

Insert characters from the salt at random predetermined points in the hash value, if they don't have the code they'll give up trying to figure out what the hell is going on
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: I'm interested in salting my hashed passwords...

Post by kaisellgren »

pytrin wrote:
"The sufficient length of a salt is length(hash)/8 bytes"
Hash length is measured in bits and a byte is 8 bits. If you divide by 8 and then multiply by 8 you end up with the same number... what am I missing?

Maybe I could have written it better.

Theoretically, when trying to create a sufficiently long salt, one that is long enough for hashes in general, we need to feed the hash the number of bits it needs. We divide it by 8 to get the figure in bytes, so maybe this text instead makes more sense: "The sufficient length of a salt is x bytes, where x = length(hash)/8". This, of course, is not an exact number that is perfect for every hash, but a good simple rule to play around with.