hash() vs. crypt() function comparison

Question

I'm currently implementing a login system. I want to store the password and the salt in a database. Now I found out that there is a hash() and a crypt() function which seems to do the same (valid for SHA512).

hash() is newer and seems to support more hashing alogrithms than crypt(). Or there any other differences I should know/care about?

Edit:

function generatePasswordHash($password){
    $salt = base64_encode(mcrypt_create_iv(8));
    $calculatedPasswordHash = crypt($password, '$1$' . $salt . '$');

    return $calculatedPasswordHash;
}

The result looks like $1$Qh6ByGJ9$zLn3yq62egvmc9D7SzA2u.

Here my password checking function:

function checkLoginData($username, $password){
    global $db;

    $sql = "SELECT * FROM users WHERE username = :username";
    $result = $db->ExecuteQuery($sql, array("username"=>$username));

    if(!empty($result)){
        $result = $result[0];
        $savedPasswordHash = $result['password'];
        $splitted = explode("$", $savedPasswordHash);
        $salt = $splitted[2];
        $calculatedPasswordHash = crypt($password, '$1$' . $salt . '$');

        if($savedPasswordHash === $calculatedPasswordHash){
            return true;
        }
    }

    return false;
}

@CodeInChaos: Storing and accessing password hashes from the database. Both can take a salt (add salt to `$data` parameter of `hash()` through concatenation). — testing, Apr 23 '12 at 13:30
Just concatenating the salt to the data is insecure in many cases. Don't do that, unless you really know what you're doing. It's also *fast* and you want it to be *slow*. — CodesInChaos, Apr 23 '12 at 13:33
The new code encrypts the password, instead of hashing it. i.e. its trivially reversible. — CodesInChaos, Apr 23 '12 at 17:52
@CodeInChaos: So using `mcrypt()` is the wrong way? [Here](http://www.php.net/manual/en/mcrypt.ciphers.php) are the available encryption functions. Don't see MD5, SHA1, SHA2 here ... Seems crypt with MD5 is my only option. — testing, Apr 24 '12 at 08:28
The md5 crypt scheme is decent. bcrypt is better, but I don't see any glaring issues in with md5 crypt. (Using a plain md5 hash on the other hand is a really bad idea) — CodesInChaos, Apr 24 '12 at 08:34
@CodeInChaos: Did I get this right? With "MD5 crypt" MD5 with salt is meant? — testing, Apr 24 '12 at 10:19
No, I mean the `crypt` function in `CRYPT_MD5` mode. Not simply md5(data+salt). Single iteration md5 sucks, even with salt. — CodesInChaos, Apr 24 '12 at 10:20
@CodeInChaos: Yes, I meant `CRYPT_MD5`. Thanks for clarifying that point again. See my edited question, which should do that. — testing, Apr 24 '12 at 10:23
No idea what format `mcrypt_create_iv` returns. You might need to encode it before passing it to `crypt`. It's also recommended to use at least 64 bit salts. — CodesInChaos, Apr 24 '12 at 21:25
Probably OK now. But as I said, I'm no php programmer. I also believe `crypt` returns the salt as part of its result, i.e. it's unnecessary to return/store the salt again. — CodesInChaos, Apr 25 '12 at 08:39
@CodeInChaos: You are right. A part of the salt is returned, but not the whole one. I need to store the salt to check later the user input with the hash/salt stored in the database. — testing, Apr 25 '12 at 08:58
If it returns only part of the salt, it's very likely that the rest of the salt gets ignored. — CodesInChaos, Apr 25 '12 at 09:00

score 16 · Accepted Answer · edited Oct 15 '12 at 15:43

16

Use hash for hashing, for example in integrity checks. It directly uses the specified hashing algorithm.

crypt is a special purpose function. It's used for password hashing and key derivation. You'll need to pass in a salt, which indirectly determines the hashing scheme used. Even if you choose CRYPT_SHA512 this isn't plain SHA512. It's a key derivation function that uses SHA512 as building block. In particular such a scheme is deliberately slow(hider brute-force attacks) and combines salt and password in a secure way.

For password hashing in a log system, crypt is clearly the right choice.

edited Oct 15 '12 at 15:43

NullUserException

83,810
28
209
234

answered Apr 23 '12 at 13:28

CodesInChaos

106,488
23
218
262

Which function do you prefer to use for storing/retrieving password hashes? – testing Apr 23 '12 at 13:33
2

`crypt` with `CRYPT_BLOWFISH` and a high quality salt, from a crypto PRNG, such as `mcrypt_create_iv` should be fine. This requires php 5.3. But as I am no php programmer, I haven't looked into the details. – CodesInChaos Apr 23 '12 at 13:43
I found out that the webspace only provides `Standard DES` and `MD5`. I'll have a look into the `mcrypt` library ... – testing Apr 23 '12 at 14:20
Hey can someone please explain to me or edit this answer to provide information on the differences between hashing and using a cryptographic function, thank you! – Rafael May 26 '15 at 20:21

hash() vs. crypt() function comparison

1 Answers1

Linked

Related