This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
How to best store user information and user login and password
How do you use bcrypt for hashing passwords in PHP?
I am used to using the md5() which I know is now outdated and I hear that sha1() is also insecure. So what is exactly the best way to store and retrieve passwords in a database these days with security in mind? I'd be very happy if you can provide a small example.
Thank you!
I would recommend looking at bcrypt, since it can help against brute-force attacks. http://codahale.com/how-to-safely-store-a-password/
You can find example Here
You should really use bcrypt to hash your passwords, it was designed especially for hashing password.
Hash functions for passwords should be slow (need some computing time). Most hash algorithms like SHA-1 and MD5 or even SHA-256 are designed to be fast, but this makes it an easy target for brute force attacks. An off-the-shelf GPU is able to calculate about 8 Giga MD5 hashes per second!
Don't be afraid to use bcrypt! It is not for high security sites only, and using it can be as easy, as using an md5 hash. It's recommended to use a well established library like phpass, and if you want to understand how it can be implemented, you can read this article, where i tried to explain the most important points.
UPDATE:
Current PHP versions offers the functions password_hash() and password_verify() to handle passwords. Use them like this:
// Hash a new password for storing in the database.
// The function automatically generates a cryptographically safe salt.
$hashToStoreInDb = password_hash($password, PASSWORD_DEFAULT);
// Check if the hash of the entered login password, matches the stored hash.
// The salt and the cost factor will be extracted from $existingHashFromDb.
$isPasswordCorrect = password_verify($password, $existingHashFromDb);
We use crypt with Blowfish:
// Hash our password
$hashed = crypt($plain_text_password, '$2a$08$' . substr(hash('whirlpool', microtime()), rand(0, 105), 22));
// Validate a password
if (crypt($plain_text_password, $hashed) == $hashed)) {
// Valid password
}
The salt prefix $2a$ (read the docs) is what instructs crypt to use Blowfish. And assuming the implementation of crypt(3) in the underlying OS supports it, you get it "for free."
md5\sha1 + unique salt = best way
Don't be paranoid.
You could look up alot of encryption codes or mix them for example like this:
sha1(md5(sha1($pw)));
I find that unnecessary so what I use is SHA512 hash("sha512",$pw);
Related
This question already has answers here:
Best way to store password in database [closed]
(8 answers)
Closed 10 years ago.
Yes I know storing passwords in plain text is not advised.Is there a best and easy way to store passwords so that the application remains secure ??
First off, md5 and sha1 have been proven to be vulnerable to collision attacks and can be rainbow tabled easily (when they see if you hash is the same in their database of common passwords).
There are currently two things that are secure enough for passwords that you can use.
The first is sha512. sha512 is a sub-version of SHA2. SHA2 has not yet been proven to be vulnerable to collision attacks and sha512 will generate a 512-bit hash. Here is an example of
how to use sha512:
<?php
hash('sha512',$password);
The other option is called bcrypt. bcrypt is famous for its secure hashes. It's probably the most secure one out there and most customizable one too.
Before you want to start using bcrypt you need to check if your sever has it enabled, Enter
this code:
<?php
if (defined("CRYPT_BLOWFISH") && CRYPT_BLOWFISH) {
echo "CRYPT_BLOWFISH is enabled!";
}else {
echo "CRYPT_BLOWFISH is not available";
}
If it returns that it is enabled then the next step is easy, All you need to do to bcrypt a password is (note: for more customizability you need to see this How do you use bcrypt for hashing passwords in PHP?):
crypt($password, $salt);
A salt is usually a random string that you add at the end of all your passwords when you hash them. Using a salt means if someone gets your database, they can not check the hashes for common passwords. Checking the database is called using a rainbow table. You should always use a salt when hashing!
Here are my proofs for the SHA1 and MD5 collision attack vulnerabilities:
http://www.schneier.com/blog/archives/2012/10/when_will_we_se.html, http://eprint.iacr.org/2010/413.pdf, http://people.csail.mit.edu/yiqun/SHA1AttackProceedingVersion.pdf, http://conf.isi.qut.edu.au/auscert/proceedings/2006/gauravaram06collision.pdf and Understanding sha-1 collision weakness
Hashing algorithms such as sha1 and md5 are not suitable for password storing. They are designed to be very efficient. This means that brute forcing is very fast. Even if a hacker obtains a copy of your hashed passwords, it is pretty fast to brute force it. If you use a salt, it makes rainbow tables less effective, but does nothing against brute force. Using a slower algorithm makes brute force ineffective. For instance, the bcrypt algorithm can be made as slow as you wish (just change the work factor), and it uses salts internally to protect against rainbow tables. I would go with such an approach or similar (e.g. scrypt or PBKDF2) if I were you.
Store a unique salt for the user (generated from username + email for example), and store a password. On login, get the salt from database and hash salt + password.Use bcrypt to hash the passwords.
Passwords in the database should be stored encrypted.
One way encryption (hashing) is recommended, such as SHA2, SHA2, WHIRLPOOL, bcrypt
DELETED: MD5 or SHA1. (those are older, vulnerable
In addition to that you can use additional per-user generated random string - 'salt':
$salt = MD5($this->createSalt());
$Password = SHA2($postData['Password'] . $salt);
createSalt() in this case is a function that generates a string from random characters.
EDIT:
or if you want more security, you can even add 2 salts:
$salt1 . $pass . $salt2
Another security measure you can take is user inactivation: after 5 (or any other number) incorrect login attempts user is blocked for x minutes (15 mins lets say).
It should minimize success of brute force attacks.
best to use crypt for password storing in DB
example code :
$crypted_pass = crypt($password);
//$pass_from_login is the user entered password
//$crypted_pass is the encryption
if(crypt($pass_from_login,$crypted_pass)) == $crypted_pass)
{
echo("hello user!")
}
documentation :
http://www.php.net/manual/en/function.crypt.php
You should use one way encryption (which is a way to encrypt a value so that is very hard to revers it). I'm not familiar with MySQL, but a quick search shows that it has a password() function that does exactly this kind of encryption. In the DB you will store the encrypted value and when the user wants to authenticate you take the password he provided, you encrypt it using the same algorithm/function and then you check that the value is the same with the password stored in the database for that user. This assumes that the communication between the browser and your server is secure, namely that you use https.
This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
Secure hash and salt for PHP passwords
WARNING Don't use MD5 for passwords, use an alternative like bcrypt
For my passwords should I use salt like this (the salt will be unique to each user and not stored directly with the password)...
$salt = sha1(md5("coders gonna code"));
$password = md5($salt.$password);
or would it be okay if I just used:
$password = md5($password);
because if I used salt, even if the user makes up a bad password like password it won't matter because the salt (in this case) would be 145ac26ff093c6e1317f7d5fb4c9fd11c77be975 so the entry for there password would be 145ac26ff093c6e1317f7d5fb4c9fd11c77be975password which according to http://howsecureismypassword.net/ it would take 3 octodecillion years to crack.... so opinions? Or should I be even worse and go
$password = md5($salt.$password.md5($salt));
If the person has gone far enough to get the salt hash, would anything be able to stop then going futher? < More of a statement this last password
To everyone who said I should do it per user... I know, this is just an example.
You should change the salt so that it is specific to each user, not a system wide constant. This will make rainbow table attacks against your password hashes much more inconvenient.
There is a good write up on the evolution of salting in this article by Troy Hunt.
Edit
$salt something unique to each password record, which adds much entropy to it. This is usually a random sequence of bytes, stored with the user account.
Hashing is traditionally done on the concatenation of salt + password.
$passwordHash = hash($salt.$password);
As others have said, don't use MD5 for hashing. It is broken.
Applying additional proprietary algorithms to password or salt prior to hashing is not recommended. Instead, look at an industry strength solution such as PBKDF2, which, in addition to salting, also requires many (typically > 10k) repeated iterations which will further slow down an attacker.
If you adopt OWASP guidelines, the number of hashes performed should be increased regularly (to counteract Moore's Law). The number of hashes should also be persisted per user, meaning you will need to store the triple of hashed password, salt, and number of iterations.
You are using the salt totally incorrectly. Salts should be unpredictable; your salt is the exact opposite of that (fixed). Since a fixed hash is of absolutely no benefit, it also seems that you are counting on the salt not being known by the attacker. This is the definition of security through obscurity, which is another bad practice.
What you should be doing is:
Use an unpredictable string of reasonable length as the salt. Randomly generated 8-character strings from a pool such as lower/upper case letters and digits are fine.
Use a different salt for each user, and change it every time they change their password.
Move from MD5 (which is considered broken) to another hash function better suited to this application. SHA-1 is better because it's not considered broken; bcrypt is the best because it has a configurable load factor.
Don't use MD5 as your hashing algorithm, use something more secure such as SHA256 or even bcrypt.
Definately salt the password, if someone did gain entry to your database they would not be able to reverse the passwords for common hashes or using techniques such as rainbow attacks.
http://michaelwright.me/php-password-storage
http://en.wikipedia.org/wiki/Bcrypt
First of all you should never store md5 directly, which you regognized already.
PHP 5.5 will bring new methods to easily create and verify passwords in 1 line, until then you can use https://github.com/ircmaxell/password_compat (forward-compatible) to generate & verify safe password hashes.
I think salt is understood here incorrectly. The idea of salt is that it should be unique per hash. The reason is that when you create hash some different strings may have the same hash.
In your example you're hashing password too so it won't look like: 145ac26ff093c6e1317f7d5fb4c9fd11c77be975password
P.S. Use bcrypt. It's much more reliable.
Salts are meant to be completely random, and unrelated to the actual password you are storing a hash of.
What you should really do is generate a completely random salt, then do
$password = md5($salt.$password);
and store the user's username, salt and hashed password.
This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
Secure hash and salt for PHP passwords
I use the following code to hash and store passwords:
$salt=uniqid(mt_rand(), false);
hash('sha512',$pass+$salt);
Is it secure in our time? If no, what solution is better?
Is crypt() good for this purpose or it's too old?
To make your hashing harder to brute-force, increase the computation time. sha512 is a cryptographic hashing function and it is optimized for speed. You're only hashing a password once when authenticating a user so don't be afraid to take your time.
Since an attacker will be computing millions of hashes, why not make your hash function take 0.1s per hash? You won't notice any significant speed degradation, but any brute-force attacks will be indefeasible.
That being said, instead of going out and writing your own hash function to do this:
hash = sha512(password)
for i in range(10000):
hash = sha512(hash) + salt
return hash
Use tested solutions like phpass, which uses bcrypt.
Hashing with a salt is good. However, you want to apply the hashing algorithm multiple times (a few hundred is a good ballpark).
"Stretching" the hash function in this way does not make for a stronger hash, but rather slows down brute force attacks.
http://en.wikipedia.org/wiki/Key_stretching#Hash_based_key_stretching
It depends on your use of this, it's not going to be sufficient for storing credit card details or bank details (not that you would hash them!) but it will be more than enough IMO for passwords for a website, especially given you are using a salt and it's the 512 hash.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
I'm trying to find the best way to secure user passwords in a mysql database (hashing/encryption wise). I was which method was the most secure and hardest to crack. I am not very experience in the realm of encryption/hashing etc. Currently I am using a very unsecure method of doing this sort of encryption:
$encrypted_password = strrev(base64_encode($password));
I know that isn't the best way to do it, but like I said, I'm new. Could anyone point my in the right direction?
Thanks.
Use bcrypt:
Bcrypt is an adaptive password hashing algorithm which uses the Blowfish keying schedule, not a symmetric encryption algorithm.
Read the accepted answer here:
openssl_digest vs hash vs hash_hmac? Difference between SALT & HMAC?
How To Safely Store A Password
Edit: You should take a look at hash_hmac(). I think it's a better approach than just salting.
You can use sha1 and a salt:
$salt = "some random string";
$encrypted_password = sha1($salt.$password);
You add the salt to make it harder to use rainbow tables in case somebody manages to get the encrypted password list.
You could use any one-way hashing method (I just like sha1), but it's always better to salt it before hashing.
use hash_hmac to store encrypted passwords
If you need clear text password, use des/aes/3des
Here is an article from Php.net that talks about "Safe Password Hashing".
From the article:
When hashing passwords, the two most important considerations are the computational expense, and the salt. The more computationally expensive the hashing algorithm, the longer it will take to brute force its output.
There are two functions that are bundled with PHP that can perform hashing using a specified algorithm.
The first hashing function is crypt(), which natively supports several hashing algorithms. When using this function, you are guaranteed that the algorithm you select is available, as PHP contains native implementations of each supported algorithm, in case one or more are not supported by your system.
The second hashing function is hash(), which supports many more algorithms and variants than crypt(), but does not support some algorithms that crypt() does. The Hash extension is bundled with PHP, but can be disabled during compile-time, so it is not guaranteed to be available, while crypt() is, being in the PHP core.
The suggested algorithm to use when hashing passwords is Blowfish, as it is significantly more computationally expensive than MD5 or SHA1, while still being scalable.
You should look at php's hash() function: http://se2.php.net/manual/en/function.hash.php
With this you can use lots of different hash algorithms, I usually go with sha256, and add a salt to it before hashing it.
Passwords should be hashed, not encrypted. That is, you should not be able to decrpyt the password. Instead, you should compare hashes.
User sets password $password = 'hX4)1z'
You get hash of password and store to DB:
$pw = hash_hmac('sha512', 'salt' . $password, $_SERVER['site_key']);
mysql_query('INSERT INTO passwords (pw) VALUES ('$pw');
Customer comes back later. They put in their password, and you compare it:
mysql_query('SELECT pw FROM passwords WHERE user_id = ?'); //$pw = fetch
if ($pw == hash_hmac('sha512', 'salt' . $_REQUEST['password'], $_SERVER['site_key']) {
echo "Logged in";
}
I suggest using SHA2 with a salt to store your password.
To create a SHA2 hash, use this:
$hash = hash("sha512", $password.$salt);
A salt contains some extra characters to add to your password before hashing to prevent rainbow tables (databases of passwords and it's hashes). You can create one using a unique user info (like a user_id) or just create a random one and store it somewhere. Just make sure the salt is long enough.
normally it is better not to encrypt a password, but to hash it.
the difference is that encryption is encoding a string, leaving the possibility to decode it.
hashing is "one-way" - once you "hash" something, you cannot de-hash it. some strings can be hashed into the same result, but good hashing reduces the chance of a collision.
It is best to avoid storing actual passwords, since people tend to use a single common password to multiple websites. this means that you can access their accounts on other websites (or if you are leaked, the hacker can).
it's common to hash the password string together with "salt". This is some random string that it difficult to guess, like &%P)##M##)+!#~!#4320`2##!$0 or something of that sort. Common hash methods are md5/sha1 (or other sha method).
so you would have:
$password = '....';
$enc_pass = sha1( '%^$sd%MDdF)#I#)3asd3223##4*^&(*&##' . $password );
$enc_pass will be stored in the database, and after a login form, the result will be hashed (as above) and compared to the value in the database.
PS: don't forget to have your database column of a size that would contain the entire password ;)
I'd just like to add that storing a hash of the passwords does not automatically make the authentication process secure. What you also should employ is a decent password policy. The reason is, even if you have the most sophisticated hash algorithm of all time, and a user uses the password "password" or "1234", then the algorithm is useless, because the password can be simply guessed.
Don't forget to make a restriction on password strength.
Because password strength is a weakest part of the whole thing.
As long as your users do use weak passwords, no salt nor extra-secure hashing routine would be of any help.
The best hashing algorithm you can use is salted MD5 hashing where you insert some random characters inside the MD5 hashed string for that particular object. But you must remember the positions where you had inserted the random characters. This is required so that you can decrypt the hashing to obtain the original object or string.
$random="abcd";
$hashed=md5(your_string);
$salted_hash=$hashed.$random;
This is the simplest example where I have just concatenated the hashed and salt. but you can insert the salt string somewhere in the middle.
I am looking to create a commercial website using php and I wanted to make sure the code I have for user hashed password was strong enough to avoid brute force attacks.
Note that my server and it's php version does not support blowfish so I am trying to figure out a decent method of hashing a password.
$pw = "12341234";
$salt = 'randomchars';
$initial = sha1($pw);
$hashed = md5($salt . $initial);
Is there something else I should be considering? any thoughts would be appreciated!
You want http://www.openwall.com/phpass/
I think you are not aware of the fact, that the way you hash passwords does not influence the possibility of cracking the password by brute force attack (eg. when attacker tries to provide thousands of possible passwords). It only makes password safe in case someone sees the value in the database that is used to represent this password.
For Brute Attack you can use google's captcha..
And for code password you can use first md5 and second sha1 because md5 generating 32 characters data sha1 64.. :)
Your snippet seems secure. You want to protect against rainbow table attacks, so the double-encryption is a good idea. The computing power to even generate a list of MD5 hashes of SHA1 plaintext is huge, but it's still no harm to have the salt there to protect against such an attack.
There is no need to reinvent a wheel as there is a crypt function.
// generate MD5-hashed password with salt
$password = crypt('mypassword');
// password contains string(34) "$1$bkZO1nIl$y5bzPPwByq.9tYEb64k4e0"
See examples for different types of hashes including MD5 and SHA256 in the manual: http://php.net/manual/en/function.crypt.php
I this is not enough, there are alternatives:
How do you use bcrypt for hashing passwords in PHP?
Keep in mind that if someone was able to lay his hand on your database, his ability to crack users' passwords will be least of your problems.