My question is how do I get the same result from mcrypt as I would get from crypt, with respect to blowfish?
I am wanting to use the phpass framework for password hashing and verifying. Which works really well as long has you have PHP 5.3 because blowfish is included with crypt().
My host is running PHP 5.2.x with the mcrypt library.
Going through the docs and googling about blowfish with crypt, it appears that the result is '$a2$', the two character iteration value, '$', the salt ( padded or cut to 22 characters ), then a 32 base64 string representing the hash.
My problem is I can't find explanations of the MCRYPT_MODE_modenames that make sense to me. And how do I feed mcrypt() the number of iterations I want? Or are the two functions using different forms of blowfish that dont cross translate?
Mcrypt, and crypt() are two totally different functions. Mcrypt is two-way encryption, whereas crypt is one-way encryption. As far as I am aware crypt() is inside of php 5.2. Also, if I was you I'd just reference crypt() itself. And I'd also use bcrypt from it.
$hashed_password=crypt($password_to_be_hashed,'$2a$04$saltstringhere');
Finally, just change the two digit cost factor inside of the two digits after the $2a$. That will allow you to change the amount of cputime that is going to be required for it. Remember it goes up logarithmically(if i remember correctly). The default value is 07.
Finally crypt_blowfish is the two-way encryption algorithm of blowfish that takes keys up to 448 bits. The blowfish inside of crypt is bcrypt, is based upon blowfish but was designed for storing passwords as it hashes them. This is known as one-way encryption.
Related
The PHP function crypt() creates a hash for a password. It requires a second parameter for a random salt. This salt can also include additional instructions about which algorithm to use. Seems like a hack, but that's the API. So I add the $6$ prefix to get the SHA-512 hash I need. (Can't use bcrypt for the external non-PHP application that shall also be able to verify the hash. The hash must be verified from PHP and other applications with limited algorithms support.)
Now there are two problems that the PHP manual leaves me alone with:
1) Where do I get a random salt and what requirement does it need to satisfy? I've read about openssl_random_pseudo_bytes and I thought I'd just base64-encode it. But how many source bytes or encoded characters do I need?
2) How can I verify such a hash in PHP again? There doesn't seem to be a single function to do that. I believe I can call crypt again with the same salt as before, but to do that, I need to extract the hash and algorithm and whatever else is needed from the stored password hash. I've seen hashes with variable number of $ characters, so that doesn't seem like a good delimiter to split by.
I've read about phpass but it doesn't support sha-512, so I can't use that.
PHP version is 5.5.9 so some functions may not be available.
Given that the rule of thumb is to store salted hashes of the password string, not the encrypted form of it, why does the PHP crypt() function use the DES-based algorithms? Isn't DES an encryption algorithm? The manual says
... crypt() will return a hashed string using the standard Unix DES-based algorithm or alternative algorithms that may be available on the system ...
What I understand from here is that crypt() only uses the algorithm as implemented by the system. And surely DES is implemented as an encryption algorithm rather than a custom hashing algorithm for crypt.
PS - I know that DES was way back in the past and nobody should use it anymore.
The idea of DES-based password hashing is, basically, to encrypt a block of zeroes with the password and passed salt for some number of rounds. Any half-decent encryption makes key recovery hard even in the face of known plaintext, so that’s why it’s possible to make strong password hashes out of encryption functions.
I think the PHP default is compatible with this scheme.
I am writing a PHP script to authenticate users. I want to use SHA512 for the hash and use a salt to prepend to the password. To generate the salt, I want to use mcrypt_create_iv. But first, I must figure out the initialization Vector size. For this, I see php has: mcrypt_get_iv_size. But I have a question, please:
For mcrypt_get_iv_size() what do I use for the cipher string and the mode string? Please keep in mind I am using SHA512, so the salt needs to be at LEAST as long as the sha512 hash. For experimenting, I tried " mcrypt_get_iv_size(CRYPT_SHA512, MCRYPT_MODE_CFB) " but php complained.
Actually mcrypt_create_iv() was designed to generate a random binary string, which can be used for encryption. What you want to do is hashing not encryption, so mcrypt_get_iv_size() does not make sense here.
Since PHP 5.3 it is safe to use mcrypt_create_iv() to generate a random string, but keep in mind that you get a binary output, which does not fit into the alphabet of the hash function.
You can look at this example which shows how to use mcrypt_create_iv() for generating a salt. To hash a password you should not use sha512 though, instead use a key derivation function like BCrypt, which is slow.
The length of the salt has nothing to do with the IV size of any cipher. Rather you need to figure out how many bytes of random data are needed for your particular hashing algorithm, taking the salt formatting into account. For examples bcrypt needs 16 bytes with base64-esque encoding.
Anyway, the mere fact that you need to ask this question means that you don't know what you're doing and that's a really bad sign when it comes to password hashing. Please use one of the existing libraries for this purpose instead.
I am working on a registration form where I need to encrypt password, I've heard that it is recommended for me to use the Blowfish encryption for passwords, How do you implement a blowfish encryption using PHP crypt() function? also, I am planning to retrieve the password later for logging in.
The short answer is use crypt with a salt beginning with the characters $2a$, a two digit cost parameter, $, and 22 digits from the alphabet ./0-9A-Za-z. That only works on systems that support the Blowfish encryption algorithm. However, PHP 5.3 implements it natively. See PHP manual — crypt for more details.
Example:
crypt('rasmuslerdorf', '$2a$07$somesillystringforsalt')
The salt string triggers the appropriate algorithm. The two digit cost parameter is the base-2 logarithm of the iteration count for the underlying Blowfish-based hashing algorithm and must be in range [04 – 31]. In the example 07 tells the algorithm to use 27 or 128 iterations. The higher this number, the longer it will take to execute BUT, in the context of hashing user passwords, that is a GOOD thing.
This answer to a similar question explains in more detail what BCrypt is,how it relates to Blowfish, and why you should use it. There are many other related topics here on Stack Overflow.
phpass is an excellent, easy to use password hashing framework that works on all systems, using Blowfish if it’s supported, and falling back to other algorithms if it’s not.
You should never need blowfish to encrypt a password like this. The registration form should be over HTTPS, which will handle defense against an attacker on the wire. The password its self should be hashed (never encrypted). bcrypt is a good password hash function based on blowfish. But there are plenty of posts related to secure password storage on SO.
So far I have been using md5 to hash passwords on my site, no salt.
Now I am building an application that will have to be more secure and I'm reading md5 can be easily brute-force attacked.
So I want to use crypt() to hash the passwords.
What I have not fully understood is:
Do I have to provide a salt or is the built-in generated one ok?
How many times (if more than one) should I iterate the crypt function to be safe?
With md5, no matter the length of the input string, the hash was 32-digit. Does crypt return a standard length of hashes too?
You need to provide a salt, if you want to specify encryption other than DES. Otherwise, you're good with the default salt.
You don't iterate the crypt function yourself, this is done internally with algorithms where it makes sense. Number of iterations is specified via the salt.
Yes, the hash length of a given hash algorithm is standard; different hash algorithms have different hash lengths, however.
crypt can use different hash algorytms. With md5 it returns 128 bit integer (with 32 chars hex representation). Using crypt with a salt once is safe enought. It's recommended the salt to be provided by the application
An optional salt string to base the hashing on. If not provided, the
behaviour is defined by the algorithm implementation and can lead to
unexpected results.