6

Possible Duplicate:
Secure hash and salt for PHP passwords

I saw someone coding a password hash like this,

```php
md5(uniqid(mt_rand('password', 15), true));
```

Is that a secure way to do this? Does that even work?

itsme

3 Answers

11

No, it isn't a safe way. It is crackable and, in your example, it is not repeatable. You would have to store the random value along with the hash itself. If the DB is compromised, then it becomes extremely simple to bruteforce the hash.

You should know that MD5 and SHA1 are two of the weakest hashing algorithms that are available in PHP.

Much better is to use the `crypt()` function, with `CRYPT_BLOWFISH` or PBKDF2.

update

Also, as PeeHaa mentioned, it does not work. The `mt_rand('password', 15)` will cause `Warning: mt_rand() expects parameter 1 to be long, string given on line X`.

tereško
6

Not only is that not secure, it doesn't even work.

`mt_rand` takes 2 parameters, a min value and a max value.

```php
mt_rand('password', 15)
```

This converts 'password' to an int (0), then returns a random number between 0 and 15.

```php
uniqid(mt_rand('password', 15), true)
```

This then generates a unique ID, and prepends the random number from the previous step to it: calculating something like this:

```
144ffb22886d58e1.82100749
```

That string is then md5'd.

As you may be able to see, this code is 100% useless. The original password is converted to 0 and lost forever, so all you're doing is hashing random numbers, which is pointless. Now that you have your hash, there is no way to verify it again. Since the password is converted, whatever the user enters doesn't matter.

So, no, this code is not secure, do not use it.

Personally, I use the phpass library. It's secure, and simple to use.

gen_Eric
  • Let's say if I use without `mt_rand()` like this, `md5(uniqid('passwrd', true));` is that better? – itsme Jul 09 '12 at 18:32
  • @itsme: The problem with that is: how do you verify the password later? You need to be able to generate the same hash later, and you cannot do that with `uniqid`. [`uniqid`](http://php.net/manual/en/function.uniqid.php) is not meant for passwords, it's for generating unique IDs (like UUIDs). – gen_Eric Jul 09 '12 at 18:35
  • Why a -1? What's wrong with this answer? – gen_Eric Jul 09 '12 at 18:37
  • I have the same question, what's wrong with my question? But I didn't downvote at all, I usually upvote. – itsme Jul 09 '12 at 18:38
2

To be honest, I wouldn't even use md5 as a hashing algorithm for storing passwords. I would look into using something like bcrypt. Also, I don't even get how your example would work, but in any case, if you want to secure it, then stay away from md5 and sha1 at the minimum, learn from others' mistakes and use a salt.

sean
  • I think md5 can be secure if you use a good salt, but I agree that newer algorithms are the way to go. – gen_Eric Jul 09 '12 at 18:19
  • @Rocket If you use md5() just to hash a password with a salt it is not secure – PeeHaa Jul 09 '12 at 18:21
  • MD5 has been super optimized in terms of performance and thus in some cases it is feasible to brute force it still, but I would still not recommend MD5 for a secure implementation of password hashing. – sean Jul 09 '12 at 18:23
  • @Rocket: you are incorrect for the correct reason. For password usages where the input is not known, `md5` is **not** broken. All current attacks against `md5` require knowledge of the original input to leverage. However, you are incorrect because no `hash(pass + salt)` is secure, even with `sha512`. The problem is that hashes are too fast. Check [this answer](http://stackoverflow.com/questions/8952807/openssl-digest-vs-hash-vs-hash-hmac-difference-between-salt-hmac/11195855#11195855) out. Use a high-cost derived algo (such as PBKDF2 or BCrypt). – ircmaxell Jul 09 '12 at 18:52
  • @ircmaxell: Ah I see. Seems `md5` was built for speed, not security. I don't know much about security/cryptography, so I guess I don't know what I'm talking about. Thanks for that link. – gen_Eric Jul 09 '12 at 18:57
  • `sha512` is also built for speed. For digital signing (the normal use-case for hashes), speed is key. You need to be able to securely verify large documents quickly. So `md5` was designed for both speed and security (as all hashes are). It just turns out that `md5` was broken for the normal use-case... – ircmaxell Jul 09 '12 at 19:10
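
As an added example (not code from the question or from any answer above), the following PHP script contrasts what the question's snippet effectively computes with a salted, high-cost bcrypt hash of the kind the answers recommend. It assumes PHP 7 or later and uses `password_hash()`, `password_verify()` and `password_needs_rehash()`, which postdate this thread; the function names, cost values and sample password are hypothetical choices for illustration.

```php
<?php
// Added illustration; all function names below are hypothetical.

// What the question's snippet effectively computes: the user's password
// never reaches the hash, only a random number and a time-based ID do.
function question_style_hash(string $password): string
{
    // $password is deliberately unused, mirroring the original code.
    return md5(uniqid((string) mt_rand(0, 15), true));
}

// bcrypt via password_hash(): a random per-password salt and the cost
// factor are encoded in the returned string, so one column stores it all.
function store_password(string $password, int $cost = 12): string
{
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => $cost]);
}

function check_password(string $password, string $stored): bool
{
    return password_verify($password, $stored);
}

$pw = 'correct horse battery staple'; // constructed sample input

// 1. The question's construction is not repeatable, so a stored value
//    can never be compared against a later login attempt.
$a = question_style_hash($pw);
$b = question_style_hash($pw);
echo 'question-style hashes equal: ', var_export($a === $b, true), "\n";

// 2. bcrypt output also differs per call (fresh salt each time), but
//    verification re-derives the hash from the salt stored inside it.
$h1 = store_password($pw);
$h2 = store_password($pw);
echo 'bcrypt hashes equal:         ', var_export($h1 === $h2, true), "\n";
echo 'correct password verifies:   ', var_export(check_password($pw, $h1), true), "\n";
echo 'wrong password verifies:     ', var_export(check_password('wrong', $h1), true), "\n";

// 3. The cost can be raised later without a password reset: rehash at
//    the next successful login, while the plaintext is briefly available.
if (check_password($pw, $h1) && password_needs_rehash($h1, PASSWORD_BCRYPT, ['cost' => 13])) {
    $h1 = store_password($pw, 13);
}
echo 'verifies after rehash:       ', var_export(check_password($pw, $h1), true), "\n";
```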