1

I'm basically using this:

    $chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ./';
    $numChars = strlen($chars);
    $salt = '$2a$12$';

    for($i = 0; $i < 22; ++$i) {
        $salt .= $chars[mt_rand(0, $numChars - 1)];
    }

Is it okay to use that?

Ryan

4 Answers

1

For PHP version 5.3.7 or higher I believe this is the best:

    $blowfish_salt = "$2y$10$".bin2hex(openssl_random_pseudo_bytes(22));

For PHP version 5.5 or higher just use the new password_hash() function with automatic salt creation.

0

That's good to use. You're working too hard on randomizing your salt though.
You could always do something shady like this: `$salt = md5(mt_rand())` :)
Just use something like this when you want to save the password on your next step.

    $encryptedPassword = crypt($userPassword, $salt);

This should default to blowfish if you have an up to date version of PHP.

Jared Drake
  • I have PHP 5.3 and it defaults me to MD5 -_-' – Waleed Khan Aug 18 '12 at 03:57
  • "up to date" is too vague; this is "dangerous". There is no "working too hard". – Jared Farrish Aug 18 '12 at 03:57
  • @JaredFarrish Yes there is: it's called reinventing the wheel. – Waleed Khan Aug 18 '12 at 03:58
  • Sorry, up to date means 5.3.7+ – Jared Drake Aug 18 '12 at 03:59
  • @arxanas - Reread the comment; this is bologna. The PHP Blowfish algorithm has had some problems in certain versions. The whole "point" in password hashing is to make data "recovery" (by rainbow or otherwise brute force methods) as difficult as possible to recover. – Jared Farrish Aug 18 '12 at 04:01
  • @(arxanas Jared Farrish) Oh you two, let's not fight. :) Jared do you know a better algorithm than blowfish that is available in php? Or if in those certain versions of PHP will default to the next algorithm? – Jared Drake Aug 18 '12 at 04:03
  • I prefer Blowfish [in certain versions, implemented correctly](http://www.php.net/security/crypt_blowfish.php). Other algorithms like SHA_256 and SHA_512 may be "faster" than I like, but in lower versions than 5.3.7, I'd pick those possibly (considering) than BLOWFISH. – Jared Farrish Aug 18 '12 at 04:05
  • @Jared Farrish Ya, I don't know they are so muuuuch faster, and I absolutely hate that. What is an example of a problem in these certain versions does blowfish create? – Jared Drake Aug 18 '12 at 04:06
  • "Fast" algorithms mean databases (for lookups) can be generated "quicker" comparative algorithms. The best attack against most hashed data values right now is simply checking for a matching value in a database; hence, salts, which randomize that data due to "separate" injected values. So. A "fast" algorithm is less "desirable" than a "slow" algorithm, simply because it takes longer to recreate a table to a certain degree and depth. We're talking many, many, many, many thousands of rounds, though. The law of large numbers applies. – Jared Farrish Aug 18 '12 at 04:09
  • Ya, we understand that. Faster algorithms mean that hackers can brute force quicker, but I was still seeking an example of the certain problems for our friend Ryan using crypt on >= 5.3.7. – Jared Drake Aug 18 '12 at 04:13
0

I don't know whether it's okay to use, but since mt_rand is based on system time it's predictable. It'd be better to use a superior random generation algorithm like openssl_random_pseudo_bytes or the /dev/random utility if it's available.

See: https://stackoverflow.com/a/6337021/454533

Community
Explosion Pills
0

With Blowfish you only need 21 chars for the salt; the rest is forgotten.

This part, `$2a$12$`, is not a salt; it's the algorithm and cost (iterations of hash).

Your salt can be made simply by sha1 and then return the first 21 chars:

    $salt = substr(sha1($_SERVER['HTTP_HOST'].uniqid().microtime(true)),0,21);

So something like:

    $algo = '$2a$12$'; //Keep this safe

    //store along side hash as the salt, for future compares
    $salt = substr(sha1($_SERVER['HTTP_HOST'].uniqid().microtime(true)),0,21);

    $hash = crypt('The string to be hashed', $algo.$salt.'$');

Lawrence Cherone
  • Here's a [secure login class](https://code.google.com/p/php-pdo-secure-login-script-example/source/browse/branches/index.php) example I made a while back, perhaps it's of interest, uses sha512 @ 25k times lol it's largely overkill – Lawrence Cherone Aug 18 '12 at 04:20
  • Why would using SHA512 more than once make it any more secure? If anything, it should make it more likely for collisions to occur. – Waleed Khan Aug 18 '12 at 04:42
  • @arxanas it's for creating a **slow hash**. Imagine that you use a hash function that can only run 1 million times per second on the same hardware, instead of 1 billion times per second. It would then take the attacker 25k times longer to brute force a hash. 60 hours would turn into nearly 171 years! – Lawrence Cherone Aug 18 '12 at 04:55
  • just to clarify, it is acceptable to store only the value returned by `crypt()` - which contains the algorithm, the hash and the salt. – Ryan Aug 18 '12 at 05:01
  • the thing about using sha1() is that it will only return characters [0-9a-f] whereas the CRYPT_BLOWFISH salt can use [0-9a-zA-Z./]. does that matter? – Ryan Aug 18 '12 at 05:09
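
An added example (not code from any of the answers) that puts the points raised in this thread together: a 22-character salt drawn from a CSPRNG over the full `./0-9A-Za-z` alphabet, and storing only the `crypt()` return value for later comparison. It assumes PHP 7+ for `random_bytes()` and the scalar type hints; `bcrypt_salt_setting()`, `hash_password()` and `verify_password()` are hypothetical helper names.

```php
<?php
// Added example; helper names are hypothetical. Assumes PHP 7+.

function bcrypt_salt_setting(int $cost = 12): string
{
    if ($cost < 4 || $cost > 31) {
        throw new InvalidArgumentException('bcrypt cost must be 4..31');
    }
    // 16 bytes = 128 bits, the full size of a bcrypt salt. On PHP 5.3.7-5.6,
    // openssl_random_pseudo_bytes(16) is the CSPRNG named in the answers.
    $raw = random_bytes(16);
    // base64 gives 24 chars from A-Za-z0-9+/ plus "=" padding. Mapping "+" to "."
    // and keeping 22 chars leaves only characters crypt() accepts: ./0-9A-Za-z
    $salt = substr(strtr(base64_encode($raw), '+', '.'), 0, 22);
    return sprintf('$2y$%02d$%s', $cost, $salt);
}

function hash_password(string $password, int $cost = 12): string
{
    $hash = crypt($password, bcrypt_salt_setting($cost));
    // crypt() reports failure with a short marker string, not an exception.
    if (strlen($hash) !== 60 || strncmp($hash, '$2y$', 4) !== 0) {
        throw new RuntimeException('crypt() did not return a bcrypt hash');
    }
    return $hash; // store only this: it embeds algorithm, cost and salt
}

function verify_password(string $password, string $stored): bool
{
    if (strlen($stored) !== 60) {
        return false; // not a bcrypt hash; never feed it back to crypt()
    }
    // The stored hash doubles as the setting string for the recomputation.
    $check = crypt($password, $stored);
    return hash_equals($stored, $check); // constant-time comparison
}

// Constructed sample input.
$hash = hash_password('correct horse battery staple');
var_dump(verify_password('correct horse battery staple', $hash));
var_dump(verify_password('wrong guess', $hash));
// The PHP 5.5+ built-in reads the same stored format.
var_dump(password_verify('correct horse battery staple', $hash));
```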