0

So I heard md5() and sha1() are both outdated and potentially broken. I've heard that crypt() isn't a viable solution as well.

If that's the case, can anyone point out what are the current up to date cryptography good practices in PHP? I've searched the web but didn't find anything that looked up to date/potential.

Nick Johnson
  • 100,655
  • 16
  • 128
  • 198
Madara's Ghost
  • 172,118
  • 50
  • 264
  • 308
  • Also, I was unsure whether to open it here or on programmers, if you think this belongs there, feel free to vote for close. I'll support you. – Madara's Ghost Apr 08 '12 at 14:47
  • 1
    What problem do you want to solve with cryptography, or more precisely, with cryptographical hash functions? Do you want to store passwords securely? – Daniel Roethlisberger Apr 08 '12 at 14:50
  • Yes, for instance. I want to store passwords, credit card numbers, and other sensitive information used for authorizing users and payments. In short, I want it as secure as possible, even at the cost of slight inefficiency. – Madara's Ghost Apr 08 '12 at 14:55
  • The correct choice depends on what exactly you want to do. Sometimes you want fast, sometimes, slow. Sometimes you'd rather use encryption. Sometimes you you want to slow down GPUs and ASIC, sometimes you don't. – CodesInChaos Apr 08 '12 at 15:22
  • Storing passwords and credit card numbers are fundamentally different challenges - for the latter, you need to be able to recover the original number; for the former, you don't. – Nick Johnson Apr 09 '12 at 04:52
  • @NickJohnson that's a good point! Got any suggestions? – Madara's Ghost Apr 09 '12 at 09:51
  • @Truth Passwords are simple - use PBKDF2, scrypt, or bcrypt. Credit card numbers are harder - because the search space is so small, it's hard to protect against brute-force. Check out the relevant data protection standards and see what they recommend, I guess. – Nick Johnson Apr 09 '12 at 10:02
  • For credit cards you need to look up the relevant security standards you must comply with. – CodesInChaos Apr 09 '12 at 21:03

1 Answers1

4

Hash plus salt alone is outdated, too, and generally no longer endorsed in password hashing schemes. It's too easy to calculate such hashes in parallel (even with individual per-user salts), a resourceful attacker is most likely able to break such a scheme.

You should use some form of iterative hashing instead. In addition to applying salts to your passwords, such an algorithm artificially slows the entire hashing process down (cryptographic hashes are generally designed to be as fast as possible while upholding a fixed "security margin"). Suitable primitives to reach this goal are generally considered to be the bcrypt, scrypt or PBKDF2 algorithms. See for example this answer for a discussion on how to use bcrypt in PHP.

Community
  • 1
  • 1
emboss
  • 38,880
  • 7
  • 101
  • 108
  • So looping through the hashing algorithm around 100,000 times sounds good? – Madara's Ghost Apr 08 '12 at 17:56
  • 1
    Better but also not perfect. Use one of the three I mentioned, they were specifically designed for that purpose by experts in the field. Use them instead of rolling your own scheme, it's too easy to get something wrong. – emboss Apr 08 '12 at 18:38
  • salts are used with good hashing schemes too. They're just not sufficient. So your first sentence is very misleading. – CodesInChaos Apr 08 '12 at 23:23
  • @CodeInChaos That's true, it is misleading. I should have better phrased it "salts alone". Will update, thanks for the comment! – emboss Apr 09 '12 at 00:22