2

Could someone please confirm the following for me:

Is the point of encrypting passwords when saving them into a database that if the database is hacked into then the hacker won't be able to know the actual passwords, unless s/he has the algorithm and salt etc to decrypt it, and therefore won't be able to compromise this or other accounts using the same password?

But my main query is: presumably the password is encrypted in, for example, the PHP script that saves the password into the database, and therefore the algorithm to decrypt the password is clear in that script. So is it correct that if the hacker hacked into the server or content management system for the website s/he would be able to access that script and decrypt the passwords?

So essentially the encryption is only as relevant as your login information to your online CMS or server is strong?

Thanks in advance!

user1039769
  • 225
  • 1
  • 2
  • 7
  • Not your personal research assistant: http://phpsec.org/articles/2005/password-hashing.html – clentfort Sep 10 '12 at 14:10
  • Voting to close as off-topic, since it doesn't relate to a practical programming problem. I think it would be better suited to [security.stackexchange.com](http://security.stackexchange.com/). – Anthony Grist Sep 10 '12 at 14:11
  • The encyrption algorithm used (SHA1, MD5 etc.) for encyrpting passwords is non-reversible. It is a one way encryption. – Flukey Sep 10 '12 at 14:11
  • Passwords are usually hashed with a one way function and, therefore, access to the code will not enable the hacker to reverse the process. – vascowhite Sep 10 '12 at 14:12
  • Read this -> [Fundamental difference between Hashing and Encryption algorithms](http://stackoverflow.com/questions/4948322/fundamental-difference-between-hashing-and-encryption-algorithms) – Manse Sep 10 '12 at 14:12
  • 3
    Why the downvotes? This is a good question (possibly better suited to security) but a good question. It shows someone who wants to *understand* what their code is doing and how to improve it rather than just blindly following a tutorial. +1 from me. – Fluffeh Sep 10 '12 at 14:13
  • Voting to re-open. This is certainly a programming related question, in the same way that any tool used with programming is related. Plus, there is certainly solid precedent for this type of question here. – Brad Sep 10 '12 at 14:14
  • 1
    @Brad Seconded to re-open. This will certainly contain information that can be very useful to other users. – Fluffeh Sep 10 '12 at 14:14

3 Answers3

7

Your passwords shouldn't be encrypted in the database.

What is commonly done is taking a hash of the passwords, and storing that in the database. A hash is a one-way function. It isn't possible to reverse it and get a result. To check to see if a password is correct, the test password (what the user enters) is re-hashed with the salt to see if it matches the has from before.

This way, should someone obtain a copy of the database, they only know the hashes, which take an incredibly long time to find a collision (match) for. Adding a unique salt for each password ensures that users with the same passwords have different hashes, meaning the work to find hash collisions has to happen for each password (very slow).

Brad
  • 159,648
  • 54
  • 349
  • 530
  • 1
    Thanks Brad (and Fluffeh) for your patience and understanding. I think the key I was missing was the concept of making each salt unique. – user1039769 Sep 10 '12 at 14:36
3

You're missing the point. You do not store encrypted passwords in a database, you store password hashes in the database.

You do not want to decrypt the password, you want to compare the stored hash with a calculated hash!

JvdBerg
  • 21,777
  • 8
  • 38
  • 55
0

Passwords aren't actually encrypted. They're actually hashed via a one-way hashing algorithm. This means that "theoretically", an attacker shouldn't be able to reverse the hash. Problem is: A lot of beginner web developers will use hashing algorithms that are fast. This means that the usage of lookup tables becomes an issue, where a script can be used to hash a whole bunch of dictionary words and then compare them against the hashed password from the DB.

Wayne Whitty
  • 19,513
  • 7
  • 44
  • 66