13

I am using PHP. I used to use native mysql function password() to store passwords. I was told that password() is not safe anymore. What would be the best method to store passwords in PHP? is it MD5?

vladr
  • 65,483
  • 18
  • 129
  • 130
Moon
  • 22,195
  • 68
  • 188
  • 269

6 Answers6

25

Updated Answer 2016:

The winner of the PHC (Password Hashing Competion) was Argon2. Hashing passwords with Argon2 is the best practice as of 2016.

PHC ran from 2013 to 2015 as an open competition—the same kind of process as NIST's AES and SHA-3 competitions, and the most effective way to develop a crypto standard. We received 24 candidates, including many excellent designs, and selected one winner, Argon2, an algorithm designed by Alex Biryukov, Daniel Dinu, and Dmitry Khovratovich from University of Luxembourg.

We recommend that use you use Argon2 rather than legacy algorithms.

The reference implementation is available on GitHub.

Updated Answer 2012:

The original answer I gave below was once considered to be a best practice. However, advances in hash-computing technology have rendered these schemes vulnerable. Going forward, the only secure password hashing schemes are iterative hashes such as bcrypt and PBKDF2. For a full discussion, see Jeff Atwood's analysis.

Original Answer 2009:

I recommend first prepending a salt value to your password, followed by hashing the resultant string with a reasonably strong hashing function like SHA256. This secures against the obvious (plain text passwords) and the not so obvious (attack using Rainbow tables).

Keep in mind that if you store passwords in this way, you will not be able to retrieve a user's lost password. They'll only be able to reset passwords. This is because you'll be using a one way hash. But this limitation is generally worth the tradeoff for a more secure password storage system. Even if your database is compromised, your user's passwords will still be exceedingly difficult and probably unpractical to recover by a would be attacker.

Community
  • 1
  • 1
Asaph
  • 159,146
  • 25
  • 197
  • 199
  • 3
    This is one of two ways of dealing with passwords. The other is; don't. Use OpenId/Facebook Connect/Live Auth/something else; in other words; let somebody else store the password. – noocyte Oct 20 '09 at 06:09
  • 1
    is bcrypt better than this setup? – Tony Stark Feb 10 '10 at 07:58
  • 1
    Yes, use bcrypt rather than doing this. bcrypt is doing all the good things described above for you, plus more. – tialaramex Jun 20 '11 at 01:21
  • @hatorade, @tialaramex: I was not familiar with bcrypt at the time I wrote this answer. I have since learned the benefits of iterative hashing. I'll update the answer accordingly. – Asaph Jun 20 '11 at 04:28
4

bcrypt is actually more secure. See: Enough With The Rainbow Tables: What You Need To Know About Secure Password Schemes

Jay Sidri
  • 6,271
  • 3
  • 43
  • 62
2

You need to salt the password.

vBulletin does a pretty good job at storing passwords. md5(md5(password) + salt);

jdelator
  • 4,101
  • 6
  • 39
  • 53
  • 3
    I'm not sure what the point of double-md5ing is... thats just a form of security through obsecurity isn't it? "oh they'll never guess that i md5'd it twice!" – mpen Oct 20 '09 at 06:16
  • A rainbow attack gets really hard to crack. It's now 32 characters plus the three salt. – jdelator Oct 20 '09 at 06:23
2

To argue with the the other answer, VBulletin does a horrid job of hashing passwords. Their salt is only 3 characters long, only fractionally increasing the security of your application.

Check out http://www.openwall.com/phpass/ . They do an excellent job of using a long hash, unique to each password, and running the password through md5 thousands of times. It is one of the best hashing systems for php out there.

Cullen Walsh
  • 4,318
  • 1
  • 17
  • 12
0

If you can avoid storing the user password that's your best option, imo. Use OpenId (like Stackoverflow) to authenticate the user. Or Live Authentication (http://dev.live.com/liveid/). If you really, really need to authenticate the users yourself; do what Asaph says in his answer. :)

noocyte
  • 2,484
  • 5
  • 29
  • 44
0

Salt and hash.

We typically use a random guid as the salt and then SHA512 to hash.

user211084
  • 1