8

I need to up the security of our website, and am currently using the guide here: http://crackstation.net/hashing-security.htm, and also the generation of random passwords here: https://defuse.ca/generating-random-passwords.htm. I gather that both use the function `mcrypt_create_iv()` for generating random bytes (or bits?), but for some reason, I encounter errors in installing php-mcrypt under CentOS 6. Fortunately, the first link said that `openssl_random_pseudo_bytes()` is a CSPRNG (and the PHP documentation and other sources also back that claim), and is available on the current server installation of PHP 5.4, so I have no choice but to use that at the moment. With these in mind, I would like to ask the following:

  1. Does a direct code substitution suffice without affecting security? (That is, would just replacing calls to `mcrypt_create_iv()` with `openssl_random_pseudo_bytes()` do?)

  2. About the constants mentioned in the code (http://crackstation.net/hashing-security.htm#properhashing), the guide says that "[m]ake sure your salt is at least as long as the hash function's output." Am I right in assuming that `PBKDF2_SALT_BYTES` and `PBKDF2_HASH_BYTES` are both set to 24 bytes since the output of the `pbkdf2()` function would be just 24 bytes, not 32 (for 256 bits) since the underlying algorithm used is sha256? (Yes, I am using key stretching too.) On a related note, is 24 bytes fine, or should it be increased/decreased, and what effect would that have?

Thanks in advance to those who will answer.

Pop
shippou
  • 1
    Also see [Upgrading my encryption library from Mcrypt to OpenSSL](http://stackoverflow.com/q/43329513/608639) and [Preparing for removal of Mcrypt in PHP 7.2](http://stackoverflow.com/q/42696657/608639) – jww Apr 21 '17 at 17:49

1 Answer

8
  1. I think the security will not be affected because both functions are just cryptographically secure pseudorandom number generators (NB: `openssl_random_pseudo_bytes($len, true)` and `mcrypt_create_iv($len, MCRYPT_DEV_RANDOM)`).
  2. `PBKDF2_SALT_BYTES` is used only in the test function `create_hash()` and not in `pbkdf2()` itself. So you just need to implement your own salt generation function using those CSPRNGs.
o_nix
  • Thanks for the reply, but I still would like to clarify something: Is 24 bytes fine, or should I increase it? – shippou Sep 04 '12 at 01:57
  • 1
    @shippou I'm not a crypto specialist but I think 24 symbols are hard to brute-force, according to [this](http://calc.opensecurityresearch.com/) calculator it will take about 358 sextillion years on a single computer (24 — HMAC MD5 — ualpha-numeric). – o_nix Sep 04 '12 at 08:35
  • Thanks for the clarification and the link! I really didn't know that site existed. Thanks for the referral. :) – shippou Sep 05 '12 at 07:49
  • 1
    Just a note that the signature is `openssl_random_pseudo_bytes($len, &$crypto_strong = null)`. So passing in `true` as the second parameter does nothing but throw a warning. It is there to indicate whether the cipher use is strong ([docs](http://php.net/manual/en/function.openssl-random-pseudo-bytes.php)) – evo_rob Mar 20 '17 at 09:37
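
The salt generation described in the answer, with the by-reference `$crypto_strong` check from the last comment, as an added example that is not part of the original posts or of the CrackStation code. The function names `secure_random_bytes()` and `pbkdf2_sha256()` and the iteration count are assumptions; PBKDF2 is written on top of `hash_hmac()` because `hash_pbkdf2()` only arrived in PHP 5.5.

```php
<?php
// Added example. Constant names follow the question; the iteration
// count and both function names are assumptions made for illustration.
define('PBKDF2_SALT_BYTES', 24);
define('PBKDF2_HASH_BYTES', 24);
define('PBKDF2_ITERATIONS', 100000);

// Replacement for mcrypt_create_iv() that fails closed.
function secure_random_bytes($length)
{
    if (!is_int($length) || $length < 1) {
        throw new InvalidArgumentException('length must be a positive integer');
    }
    // The second argument is an output parameter: OpenSSL sets it to true
    // only when a cryptographically strong algorithm produced the bytes.
    $strong = false;
    $bytes = openssl_random_pseudo_bytes($length, $strong);
    if ($bytes === false || $strong !== true || strlen($bytes) !== $length) {
        throw new RuntimeException('no strong random source available');
    }
    return $bytes;
}

// PBKDF2-HMAC-SHA256 built on hash_hmac(), since PHP 5.4 has no hash_pbkdf2().
function pbkdf2_sha256($password, $salt, $iterations, $length)
{
    $blocks = (int) ceil($length / 32); // SHA-256 yields 32 bytes per block
    $output = '';
    for ($i = 1; $i <= $blocks; $i++) {
        // U1 = HMAC(password, salt || INT_32_BE(i)); T starts as U1.
        $u = $t = hash_hmac('sha256', $salt . pack('N', $i), $password, true);
        for ($j = 1; $j < $iterations; $j++) {
            $u = hash_hmac('sha256', $u, $password, true);
            $t ^= $u; // byte-wise XOR of two equal-length binary strings
        }
        $output .= $t;
    }
    return substr($output, 0, $length); // 24 of the 32 bytes are kept
}

// Constructed sample password; the salt is fresh for every stored hash.
$salt = secure_random_bytes(PBKDF2_SALT_BYTES);
$hash = pbkdf2_sha256('constructed sample password', $salt,
                      PBKDF2_ITERATIONS, PBKDF2_HASH_BYTES);
echo base64_encode($salt), ':', base64_encode($hash), "\n";
```

Store the salt and the iteration count next to the hash, and compare hashes at login with a constant-time comparison.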