What method can I apply if I want a user to edit their original password after storing as hash.
A website that shows a user their password is VERY insecure. Always hash it and never show the user their password. If they forget their password have the user reset their password and rehash it and replace it in their database. But NEVER show the user their password and ALWAYS hash.
DO NOT store an unhashed password in the database.
DO NOT show passwords in the 'change password form'
DO NOT show password hashes anywhere.
Provide the user with a form to edit the password but do not provide the previous one. Just show the user an empty text box for inserting a new password while also having a text box for the user to input their current password.
You can check any password hashed with password_hash() using password_verify().
If password_verify() returns true just use an UPDATE query to change the stored hash.
As for the suggestion of saving it, please, do never store unencrypted passwords in your database: every single of them will be exposed if your database is ever accessed.
As for your question: an encrypted or hashed word is very difficult (or plainly impossible, are you hashing or encrypting?) and costly to restore. I understand the usability issue but once a password is stored the user should never be able to query it (that's what we have password recovery measures)... So, in short, you could have them create new passwords but you can't have them editing the one they have since you don't even know it.
PS: All this assumes that the password is already been stored. Of course... If we're talking about html password tags the issue is different.
Related
I have a database with accounts that still use the MD5 algorithm which is old and unsafe, so I wanted to update the passwords with the password_hash function in php.
I made a login for users with a md5 password so they can be prompted with an update field to update their password. It all works and I see the new hash string in the database. But when I want to login using their new password it's just not possible.
I use a PDO update query to update the passwords, does anyone have a solution or know if this is even possible?
Thanks in advance,
Bram.
EDIT:
This is the code I use to verify the passwords.
if (password_verify($password, $rowofusers['passwordhere'])) {
//code here
}
As mentioned, the correct way to do this can be completely transparent to the user and should not require an "update password prompt".
When the user tries to log in take the following steps to modify your login process accordingly.
Check if the hash in the db starts with $2y$ to determine if the password should be check with md5 or password_verify. If it does start with $2y$ then just use password_verify and ignore the remaining steps (continuing on with the rest of your normal login process).
If the password hash in the database does not start with $2y$ then first, check the plain-text password against its md5 hash.
If the plain-text password's hash doesn't matches the md5 hash in your database continue with normal failed authentication process and ignore the remaining steps here
If the plain-text password's hash does match the md5 hash in your database then take the plain-text password and run it through password_hash and update your database with the newly generated BCRYPT hash from password_hash.
You would have to keep this code in your login process until all passwords in your database have been updated and no remaining md5 hashes are left. The user will never know that their password hash is updated and never be prompted to enter their password twice as it's completely unnecessary.
Maybe silly question...,
but i'm asking myself if it's useful to store the password (plain text) in the database once i have hashed it using password_hash() function...
Since password_verify() only uses hashnSalt to check if pass is correct.
once the "Villain" obtain access to the db he doesn't have plain text password (will ask him time to bruteforce them)
If the user forget his password he can't get it back : only way is to recreate a new pass.
i'm on a 50/50..
Do NOT EVER under any circumstances store plaintext passwords. Doing this defeats the entire purpose of hashing the password in the first place.
The entire purpose of using a one way hasing algorithm is that if a hacker gets into your site and steals your database it is virtually impossible for that hacker to obtain the passwords for your users without using bruteforce or tables. (The tables risk is also mitigated by the salt introduced by the password_hash() function.)
You should never be able to retrieve your users' passwords, even as the site owner/operator (if you can, then a hacker can too). That's why any website that will send you your password instead of having you reset it is a red flag immediately as they are not storing your credentials securely.
The correct way to handle this is if a user forgets their password you send a temporary link which allows the user to create a new password.
First: never store plain text passwords! Probably the user uses more than one place the same password, and you would give the login information to other services for the attacker.
I would sabe only the created hash and if the user needs to remember the password he/she would have to reset it with a new one. The method to do this you can choose, but sending an email with a unique temporary link the best solution.
if a user forget his password, you can send him/her email with a link to his page and ask him to change his password. or you can set a new password for the user and send it to that user
I need an old password (not hashed) for sending to user but doesn't see a good idea? I read the documentation and there is only a method where I can get a hashed password. What can I do for getting real password?
Password should never be recovered clean after they are hashed and most of the time it's not even possible. I definitely suggest you to provide a reset password link instead of providing the old one.
Hashed password with MD5, SHA1, SHA2, Blowfish and others are one way encrypted this means that you shouldn't be able to decrypt them therefore making them secure (the first ones aren't that secure actually, but that's off topic here).
You can't get the original password; that is the point of using a hash.
If the user needs a new password, then generate a one-time, short-lived, random string and email it to them as part of a URL. When they follow the link, prompt them for a new password.
See the OWASP Forgot Password Cheat Sheet for more advice on how to do this as securely as possible.
You can't recover old password (unhashed) because its not stored in database. Only its hash is stored. Hashed can't be decrypted (that is why its called hash) ORM uses this model to solve alot of security issues.
Sending raw Password is real BAD idea. If you still want to do it:
If you are generating a password yourself during registration (Then mail it to user and then save it)
If user are setting their password. You will have it as POST variable. While saving it to database, mail it too.
If user is using forgot password to recover their password. Then reset the password first (generate a new one and save it to database) and send it to user.
You can't. A hashed password in Kohana is most likely a password encrypted with one-way encryption. I mean you can't decrypt it and get it in clear text. You should not store your applications password in clear text to protect the user.
http://en.wikipedia.org/wiki/Cryptographic_hash_function
What you may do is to generate a new temporary password for the user and send it to the users email, but I think reset password link is the best solution.
So I am making a basic log-in page. I have a good idea of what to do, but I'm still unsure of some things.
I have a database full of students and a password column of course. I know I'm going to use md5 encryption in that column. The student enters their e-mail and student ID, and they get e-mailed a password if correct.
But, where do I create the password? Do I have to manually add the password (which is just a randomly generated string) in mySQL to all the students? And I am suppose to send the password to the student; how will I know what to send the student if the password is encrypted?
I was thinking about generating the password when the student first enters their e-mail and student ID. They get an e-mail of the random string, and at the same time, I add the same random string to the database, encrypted.
Is that how it's suppose to work though? And it feels unsafe doing that all on the same page.
Sorry for the long-winded, newbish question. I find this all facisnating at the same time as well (AES and RSA encryption :O)
A few things here:
You aren't really encrypting it, you're hashing it. Easy thing for newbies to confuse, but just wanted to get that out of the way.
Don't use MD5, it's just not a very secure hash. Use one of the SHA variants instead if possible.
Don't just hash the password, you'll want to "salt" it too. Basicly this involves adding a random string to the password before you hash it, and storing that random string somewhere where you can retrieve it later (so that you can validate the hash when the user enters their password). This helps prevent against pre-computed dictionary attacks.
As for generating the password, I think you are on the right track - I would just generate it when they create their account, email it to them, then hash it and store the hashed (and a random salt) on the user record in the DB.
If you're generating passwords, generate a password and send the generated password to the student. MD5 that password and store it in the database. When someone logs in, MD5 the password they submitted in the form and compare that hash to the one in the database. If they match, successful login.
Your PHP should generate the password at the time of registration. Email the password to the student then run it through a hashing function (md5() is ok but sha1() is better). Store the hash in the DB and drop the original password. That way not even you can see what it is.
When the user logs in, hash their typed password and compare it against the hash stored in the DB. If they match, the user typed the right password.
Adding to the previous answers, depending on the hashing method you choose, the process goes like this:
1.- It is good idea generating the password the first time the students enter their ID and email.
2.- When they submit their data you receive it and generate the password randomly using any hashing method of your choice and store it in your DB.
3.- When they want to log in you ask for their ID and password, use the hashing method on the entered password and compare it with the one that's stored.
4.- If they lose their password and the hashing method has no way to be undone or reversed, you need to implement a method to create a temporary link sent to the student's email to create a new password, for there's no way to retrieve the old one. If the hashing method can be reversed then there's no problem, just de-hash it and send it to the studen's email.
Hope this clarifies a bit the process :)
Please try to search StackOverflow before asking a question. Many questions are already answered. For example:
PHP & MySQL compare password
how do I create a mySQL user with hash(‘sha256’, $salt . $password)?
Secure hash and salt for PHP passwords
User Login with a single query and per-user password salt
Non-random salt for password hashes
Hi
I want that nobody can see my password even in database..
So i used hash function like this
$passowrd_hash=hash('shal',$_POST['password']);
Now easily I can store this password_hash value into database. It will be something like in encrypted form.
Now user know its original password he don't know this encrypted password.
Now if he try to login through this original password..He is not able to login.
So is there any method so that it can be decrypted and user can make log in. So he can achieve both security of password as well as login again.
How to do this?
you need to hash the user input password and compare hashes.
Before comparing the posted password by the user with the one in the database, encrypt the posted password the same way as the stored password.
All you need to do is encrypt the password you type in and compare the two; the hash in the database and the one you just encrypted. If they match then the password entered is the right one. I am assuming you are using an algorithm like SHA1.
As already answered, you need to hash the password every time they re-enter it and compare the hash to what is in your database.
You ALSO should look into using salt in your hashing algorithm. There is a good deal of discussion in this question:
Secure hash and salt for PHP passwords
You dont need to decrypt it. You cannot convert back a hash to a plain text, its a one way function. So, basically you hash the input password and compare the two hash:
E.g (pseudo code):-
if hash(password entered by user) == password stored in databse Then
//logged in successfully
else
//login failed
end if
I highly recommend using md5() http://php.net/manual/en/function.md5.php.
When the user signs up, you store:
$password = md5($_POST['password']);
And when the user logs in you check:
if($_POST['password_entered'] == $passwordFromDB) :
// Log user in
else :
// Show error to user
endif;