5

I have just started learning PHP and I want to create a website with a login for my final year university project. I've read that blowfish is the best method for hashing in a number of places like here: openssl_digest vs hash vs hash_hmac? Difference between SALT & HMAC?

Everywhere I read about the crypt method includes a string like $2y$07$usesomesillystringforsalt$ My main question is: how do I randomly generate this? I've read in places that time stamps and mt_rand() are not secure.

Also I've heard AES is the preferred technology recently but from what I can see it seems pretty tricky to implement in PHP! Is blowfish still an acceptable method to secure stored passwords?

Community
  • 1
  • 1
Connel
  • 1,844
  • 4
  • 23
  • 36
  • 2
    Its not randomly generated its `$algo$cost$salt$` where salt is its perfectly safe to use microtime affixed with your domain name sha1'nd `substr(salt,0,21)` as anymore then 21 chars will be dropped. Perhaps something I made early will interest you [php-pdo-secure-login-script-example](https://code.google.com/p/php-pdo-secure-login-script-example/source/browse/branches/index.php) – Lawrence Cherone Nov 25 '12 at 23:14

3 Answers3

6

A salt should be unique (for each password) and unpredictable. These two criterias are a bit difficult to fulfill with a deterministic computer, so the best thing you can do is, to use the random source of the operating system, to generate the salt.

Time stamps, as well as the mt_rand() function, are not ideal, because one can argue that they are predictable. At least an attacker can narrow down (and therefore precalculate) the possible combinations for a certain period. While this may not have a big impact in practice, why not do the best you can?

Since PHP 5.3 you can safely use the mcrypt_create_iv() function to read from the random source, then you will have to encode the binary string to the allowed alphabet. This is a possible implementation.

PHP 5.5 will have it's own functions password_hash() and password_verify() ready, to simplify this task. There is also a compatibility pack for PHP 5.3/5.4 available, downloadable at password_compat.

Kerem
  • 11,377
  • 5
  • 59
  • 58
martinstoeckli
  • 23,430
  • 6
  • 56
  • 87
6

For PHP version 5.3.7 or higher I belive this is the best:

$blowfish_salt = "$2y$10$".bin2hex(openssl_random_pseudo_bytes(22));

For PHP version 5.5 or higher just use the new password_hash() function with automatic salt creation.

Jim Westergren
  • 91
  • 1
  • 5
  • Beware guys, bin2hex(openssl_random_pseudo_bytes(22)) will return 44 characters. For php blowfish, you need bin2hex(openssl_random_pseudo_bytes(11)) – David Constantine Aug 04 '17 at 17:12
3

Blowfish is still acceptable, and preferred over fast-hashing methods.

The point of a salt is to prevent precomputed table attacks. As long as you have a non-trivial salt, like the microtime, you have thwarted any precomputed tables that didn't happen to use that exact salt.

Waleed Khan
  • 11,426
  • 6
  • 39
  • 70
  • So would something along the lines of `$password = crypt($_POST[passward], '$2y$07$'.microtime());` be OK? Thanks for your help – Connel Nov 25 '12 at 23:44