0

I'm working on some PHP meant to be deployed to users' servers - likely cheap/shared hosting (meaning lowest-common-denominator PHP 5.2, no modification of PHP installation). Common advice for password hashes seems to be bcrypt or scrypt, via installable extensions for PHP 5.2.

I've been thinking about using an iterated SHA-512 with a beefy per-user salt, but it doesn't sound like it really compares to bcrypt/scrypt.

Without the ability to modify the base PHP installation, what options do I have for strong password security?

Community
  • 1
  • 1
cltatman
  • 125
  • 1
  • 6
  • 4
    Keep in mind that security needs to be scaled to the application. If you are writing a tiny 100 user program or even an internal small business tool, it is probably not worth your time to code enterprise level security. SHA-512 with a salt is plenty safe in my opinion for most use cases. Beware of cross site nonsense too however! – thatidiotguy Oct 08 '12 at 17:44
  • Agreed with previous comment. People tend to over-do it, especially in this area. phpBB2 used MD5 for many years... How many hash related problems do you think there were? – mishmash Oct 08 '12 at 17:46
  • My use case probably won't need enterprise-level security. :) However, I think an answer to this problem is likely to be valuable to someone. – cltatman Oct 08 '12 at 17:50
  • If anyone wants a good answer, they will have the time to look for it: http://stackoverflow.com/questions/401656/secure-hash-and-salt-for-php-passwords – mishmash Oct 08 '12 at 17:51
  • Does your PHP's `crypt()` support blowfish? That's all you need to use bcrypt, you won't need otherwise modify your PHP installation. – NullUserException Oct 08 '12 at 18:02
  • The linked question is my 'common advice' from above - I'll edit the question to clarify. – cltatman Oct 08 '12 at 18:05
  • PHP's `crypt()` documentation says that it falls back to system implementations in <5.3 **when available**, but doesn't say what will happen if no system implementation is available, or what the chances of that are (as far as I could see). – cltatman Oct 08 '12 at 18:09
  • 2
    Things you should know about password security: http://crackstation.net/hashing-security.htm (includes a PHP implementation of PBKDF2) – NullUserException Oct 08 '12 at 18:11
  • A native implementation of PBKDF2 looks like a good fit in the absence of bcrypt/scrypt implementations, would you please post this in the form of an answer so that I can accept? – cltatman Oct 08 '12 at 18:22

2 Answers2

0

The first thing I would say is that PHP 5.2 should not be considered. It was declared end-of life nearly two years ago, and hasn't had any security patches in that time, so any host still using it clearly doesn't take security seriously anyway. You should consider 5.3 as the minimum version these days.

No on to passwords...

The next version of PHP (v5.5) will have a set of functions built-in that provide standardised password hashing. The idea is to once-and-for all get rid of any excuse for bad password practice in PHP. Once this version is released, that will be the only recommended way to handle passwords.

In the meanwhile, you can download a compatibility library that implements the same functions for current PHP versions. Download it from here: https://github.com/ircmaxell/password_compat

My recommendation is to use this library, enclosed in a if(function_exists()) wrapper. That way you'll be using best practice, and also be ready to use the built-in funcs when 5.5 is released.

See also: http://www.h-online.com/open/news/item/PHP-5-5-should-reduce-password-sloppiness-1707835.html for reference.

Hope that helps.

Spudley
  • 166,037
  • 39
  • 233
  • 307
0

As mentioned in the comments to the original question, a PHP < 5.2 implementation of PBKDF2 is available at http://crackstation.net/hashing-security.htm.

PBKDF2 is arguably a better option than bcrypt/scrypt, having been much more thoroughly studied and tested.

cltatman
  • 125
  • 1
  • 6