I am coding a registration system. I decided to encrypt the passwords and let the users use whatever they want in their passwords, including spaces.
The only restrictions would be:
- no spaces at the start or end of password
- min 5 char and max 30 characters
// CHECK PASSWORD
} elseif ((substr($password, 0, 1) == " " || substr($password, -1, 1) == " ")){
$msg = "You cannot have a space in the beginning or end of your password.";
} elseif (strlen($password) > 30)) {
$msg = "Your password cannot be longer than 20 characters.";
} elseif (strlen($password) < 5)) {
$msg = "Your password cannot be shorter than 5 characters.";
Is that enough?
I'll also take this chance to ask how should I treat the password before and after encrypting it. Should I just encrypt it and then escape it?
What you're looking for is not encryption, but hashing. A hash algorythm takes some arbitrary value and tranforms it into a fixed-size string. It's well suited for this becouse a hash algorythm is one-way, i.e. you can hash something but you can't unhash it.
For more security, you can add a 'salt' to avoid rainbow tables. A rainbow table is a table with already-calculated hashes for known words. For example a user has a password of "apple" wich produces the hash "XABC". If a hacker has the hash"XABC", he goes to a rainbow table and looks for a word that produces the hash "XABC". Since apple is a common word, so is it's hash and it will probably be in the table. The salt avoids this since it added before the the hashing occurs. you just concatenate it to the string to be hashed. So if the user uses the password "apple", your script doesn't hash apple, it hashes "saltedapple" wich no loger produces the known hash "XABC". 'saltedapple' is not a known word and its less likely to be in a rainbow table. 'salted' is a pretty simple salt, but using '$ZX?(' would make '$ZX?(apple' wich i can asure you that's not in any rainbow table.
Instead of check for spaces in begin and and of string, you can just trim($password)
You don't need to encrypt password at all. Just encrypt it with something like
function encryptPassword($enteredPassword) {
return md5(sha1($enteredPassword);
}
and validate user entered password, after encryption, with same stored password;
p.s. it is much better to use mcrypt, with more difficult algorithm.
Related
im currently trying to understand hashes and salts. As i understand it, it should not be possible to verify a password, if i only have the password and the generated hash(that was generated with a random salt ofc).
So how can the password_verify function in PHP verify my password, if i dont give it the salt? Is there a hidden variable in the background, that stores it for the php hashing functions?
And if that is the case, how can
doveadm pw -t '{SHA512-CRYPT}$6$myhash...' -p "qwertz"
verify it too, even if i run it on a complety different computer? Thats a tool, that comes with Dovecot(a MDA).
Here is my PHP code, that creates a random salt with 64 chars, combines it with a password, creates a hash and verifies the hash via password_verify().
I just started working on the whole hash/salt/pepper thing today, so there could be a huge flaw in my whole train of thought.
<?php
$password = "qwertz";
$salt = createSalt(64);
$hash = crypt($password, "$6$$salt");
if (password_verify($password, $hash)) {
echo 'Password is valid!';
} else {
echo 'Invalid password.';
}
function createSalt($length){
$chars = "IrhsYyLofUKj4caz0FDBCe2W9NRunTgQvp7qOXmS5GM3EJV6i8tAHdkPbxwl1Z";
$salt="";
for($i=0; $i < $length; $i++){
$newchar = substr($chars, rand(0,strlen($chars)-1),1);
$salt .= $newchar;
}
return $salt;
}
?>
The hash contains several pieces of information. This article explains the format used by Unix but I believe PHP password functions use a similar format (if not the same):
The hash field itself is comprised of three different fields. They are
separated by '$' and represent:
Some characters which represents the cryptographic hashing mechanism used to generate the actual hash
A randomly generated salt to safeguard against rainbow table attacks
The hash which results from joining the users password with the stored salt and running it through the hashing mechanism specified in
the first field
It can also include the exact per-algorithm options used to generate the hash, such us the algorithmic cost:
var_dump(password_hash('foo', PASSWORD_BCRYPT, [
'cost' => 8,
]));
string(60) "$2y$08$7Z5bTz7xXnom8QsrbZ7uQetMLxOZ7WjuDkUYRIh73Ffa17GV1Tb7q"
Here $2y$08$ means that Bcrypt with cost 8 was used.
If we use the newer Argon2 available in PHP/7.2 there're even more params:
$argon2i$v=19$m=1024,t=2,p=2$YzJBSzV4TUhkMzc3d3laeg$zqU/1IN0/AogfP4cmSJI1vc8lpXRW9/S0sYY2i2jHT0
Some backgrounds to the answer from #Álvaro González :
PHP manual suggests using "password_hash" instead of "crypt" function through "password_hash" is a "crypt()" wrapper ( Because, it uses a strong hash, generates a strong salt, and applies proper rounds automatically. )
"password_hash()" returns the algorithm, cost, and salt as part of the returned hash. Therefore, all information that's needed to verify the hash is included in it. This allows the "password_verify" function to verify the hash without needing separate storage for the salt or algorithm information. : http://php.net/manual/en/function.password-verify.php
Since, "password_hash" is a wrapper for "crypt", "crypt" also does the same, ie., returns the algorithm, cost, and salt as part of the returned hash. and thus "password_verify" can verify the hash.
Now, please check the answer given by #Álvaro González
Somebody should pls guide me on how i can fetch out hashed password from database and match the password entered by a user when login in
i used php crypt() function with bcrypt algorithms to hash the password when registrian the user
thank you all in advance
From the documentation:
$hashed_password = crypt('mypassword'); // let the salt be automatically generated
if (crypt($user_input, $hashed_password) == $hashed_password) {
echo "Password verified!";
}
You need to pass in the original hash, otherwise crypt will generate a random salt and the passwords are very unlikely to match. I.e.
//BROKEN - will almost always print "Bugger off!".
$hash = crypt('Hello world');
$attempt = crypt('Hello world');
if($hash === $attempt){
echo "Access granted!";
}else{
echo "Bugger off!";
}
You don't need to "fetch" the hash from the database, you just hash the given password (from a login attempt I assume) and match THAT hash against the password column of a database. if a match is found where the password column matches the hash that you just made AND the username is a match, then the password is valid.
Thank you all, if i really get your explanations you mean i should hash the coming password from a user attempting to login and then compare the hash value with the one in DB
EXAMple
$salt=//the bcrypt algorithms format, cost parameter and the salt goes here, thesame with the one use when registrian
$coming_pass= crypt( $password, $salt)
mysqli_query ( SELECT from user WHERE username= $username AND
password= $coming_pass)
you just send the unencrypted password into the same crypt process as you did with the encrypted password, then they should match.
PHP has built in Options to do that, look at Creating a Hash, and Verifying a Hash
pseudo-code
hashed password = hp
plain text password = p
seed (Random Number generated by server) = s
hash algorithm (md5, sha1, sha256, ...) = hash
Example with Seeded Hash
hp = hash(p + s)
the order you set the seed is not important, as long you do it the same way every time, by Concatenate the password and seed
Example without Seeded Hash
hp = hash(p)
you will need to save the hp and seed, the p should NEVER be saved by the server, as Plain Text Passwords is a security issue.
C# Code Example:
static public bool IsPasswordCorrect(string hp, string seed, string enteredPasword)
{
return (hp == Sha1(String.Concat(enteredPasword, seed)));
}
this way you have no direct way to get the password from the database, and only the actual Client will have the Plaintext Password.
if you want a 2-way encryption algorithm, you will need to look at RSA, but it is way more complicated and requires a lot of knowledge to make secure.
Is there a way to compare passwords stored in database after being encrypted in sha2() and the password entered by users during login without encrypting the login-time-password? Actually I want to match the passwords character by character and pass for a match in either of upper case or lower case i.e. in other words is there a function or method to de-crypt the saved password before comparison?
What you want to do sounds fishy.
Anyway no you can't recover a hashed string
You can't "decrypt" a SHA hash. Instead, compare the SHA version of the entered password with the stored passwords in the database (also hashed).
$enteredpass = $_POST['password'];
$enteredpass = sha2($enteredpass);
$realpass = sha2('password123'); //Yup, best password EVAR!! xD
if ($enteredpass == $realpass) {
echo "THE PASSWORD IS CORRECT!! :D";
}
else {
echo "THE PASSWORD IS INCORRECT!!";
}
You probably want to use a database, but this is just a simple example... ;)
i'm testing several combinations of sha1 and md5:
<?php
$test = 'fail test';
echo nl2br ("Text: $test\n");
echo nl2br ("md5: ".md5($test)."\nsha1: ".sha1($test)."\nsha1(md5): ".sha1(md5($test))."\nmd5(sha1): ".md5(sha1($test)));
?>
Output:
Text: fail test
md5: 748410d0085967c496d54dd8fcbecc96
sha1: d730125e8cb8576459173655148fb6896ef44c09
sha1(md5): faa3ebeecfec45e509e93e6b245a69e2a78785ea
md5(sha1): b48e89b85c350c91eb302c1de96d4249
Which one better, or maybe user something else ? If yes, what then ?
Both of them are cryptographic hash functions that operate 1-way only, the main difference being that MD5 output size is 128 bits whereas SHA-1 is 160 bits. In brief, I don't see they are much different to use despite MD5 is more common these days.
Curiously, I can't really see how md5($text) is different from md5(sha($text)) when they all encrypted to a 32 character-long string, what about md5($text."token") for example?
And, what do you mean by better? Is it more good looking or more security? See bcrypt if you prefer security :) Wikipedia: http://en.wikipedia.org/wiki/Bcrypt
Hashing a hash adds no extra security. (In fact, it might make it worse if the person has a hash-of-hash lookup table.)
The best hash will be the one that is computationally the most expensive to perform without any vulnerabilities. I would hash passwords with at least sha-256.
Always hash your passwords with a salted key. This key should be unique per password. It doesn't need to be stored privately. The purpose of a salted password is that the hacker who gained access to your database cannot simply compare the hash with a known list of hashes that correspond to common passwords. Instead, he must try to brute force the password by trying every possible password.
By using a unique salt per password, you guarantee that each hash in the database is different, even if they use the same password.
To salt a password, simply create a random string of characters and append it to the password. Here's a sample hash with a 48-bit salt and sha-256:
function make_password($password)
{
# random 48-bit salt (8 chars when base64 encoded)
$salt = base64_encode(pack('S3', mt_rand(0,0xffff), mt_rand(0,0xffff), mt_rand(0, 0xffff)));
return $salt.hash('sha256', $salt.$password);
}
function check_password($password, $hash)
{
$salt = substr($hash, 0, 8);
return hash('sha256', $salt.$password) == substr($hash, 8);
}
$password = 'password';
$hash = make_password('password');
echo $hash."\n";
var_dump(check_password('password', $hash));
var_dump(check_password('wrong', $hash));
Every time you run it, the hash will be different. To validate a password, you select the row where the username matches, and then call check_password($password_from_user, $hash_from_db).
Here's a sample output:
AzrD1jZzc693714a43ad5dfd4106c0a620ef23ff9915070711fa170a6670b8164862b496
bool(true)
bool(false)
You can use a larger salt or a stronger hashing algorithm if you prefer. But at minimum, I would use something like the above.
You should salt your passwords, ALWAYS. This doesn't stop brute force through a login form but if someone managed to get the details, it would be much harder to crack (rainbow tables would be useless unless they manage to get your salt too)
Essentially, if you adding onto the original data or mangling in a controlled way, it will make security a little better. No-one can ever reverse a hash but they can find other inputs thats match the hash. Mangling the user input will make it harder to login for the hackers.
for example, if a user's pass is 123456, if you add a salt of "salt" to it so it becomes 123456salt, the MD5 of this would be 207acd61a3c1bd506d7e9a4535359f8a. A hacker could crack this to become 123456salt but when it comes to using that on your login form, your code will add salt again and the login will fail.
I'd like to use Portable PHP password hashing framework to hash passwords. But I find that its demos don't use salt for hashing a password. But it use a dummy salt for checking password which I find it strange and I don't understand this idea at all,
$dummy_salt = '$2a$08$1234567890123456789012';
if (isset($dummy_salt) && strlen($hash) < 20)
$hash = $dummy_salt;
I wonder, if I want to use convention method which I can generate the unique salt and store it for each user in my database, how can I use Portable PHP password hashing framework to generate salts?
This is the function I use to hash passwords but I have been told that sha512 has the same issue as sha1, wise to trust the expert like Portable PHP password hashing framework,
function hash_sha512($phrase,&$salt = null)
{
//$pepper = '!##$%^&*()_+=-{}][;";/?<>.,';
if ($salt == '')
{
$salt = substr(hash('sha512',uniqid(rand(), true).PEPPER_KEY.microtime()), 0, SALT_LENGTH);
}
else
{
$salt = substr($salt, 0, SALT_LENGTH);
}
return hash('sha512',$salt.PEPPER_KEY.$phrase);
}
Let me know if you have any idea. Thanks.
From the phpass article linked to from that page:
Besides the actual hashing, phpass
transparently generates random salts
when a new password or passphrase is
hashed, and it encodes the hash type,
the salt, and the password stretching
iteration count into the "hash
encoding string" that it returns. When
phpass authenticates a password or
passphrase against a stored hash, it
similarly transparently extracts and
uses the hash type identifier, the
salt, and the iteration count out of
the "hash encoding string". Thus, you
do not need to bother with salting and
stretching on your own - phpass takes
care of these for you.
...so it's not surprising that the examples don't use salting! You may be over-seasoning your code.
The code sample with the dummy salt is an example of how to prevent a timing attack by making sure that whether a user exists or not, the validation of the user takes the same amount of time, effectively by doing a dummy authentication for non-existent users. It needs a dummy salt because if the user doesn't exist, it won't have a stored salt to use.