0

I have never seen this fatal error in PHP before... It started when I found a password hashing class on github: 

 $Config = array(
        "Depreciated" => 1,
        "Notices" => 1,
        "Errors" => 1,
        "Warnings" => 1,
    );
    $Salt_Settings= 1;
    $Password_Hashing = new SlayerSolutions\Authentication($Salt_Settings,$Config);

$Password_Hashing ->SetSalt("f4dd32"); 
$Password_Hashing ->SetKey("Login"); 
$Password_Hashing ->SetPositioning(0); 

$Password_Entities = $Password_Hashing ->Password_Props($_POST['Password']);
$Result_Array = $Password_Hashing ->Hash_Password($Password_Entities );

This returns:

Fatal error: Incorrect Usage Of Hashing Functions. This must be executed in a step procedure.

I cannot view the actual code structure of the class as it seems to have been encoded with ioncube or something

Sophie Mackeral
  • 897
  • 4
  • 12
  • 21
  • 2
    There is no way to tell without the `full` source code of `SlayerSolutions\Authentication`. That said, anyone calling themselves `SlayerSolution` and setting the salt explicitely is clearly not using secure solutions... – Sébastien Renauld May 17 '13 at 14:14
  • 2
    Who the hell puts obfusicated code on github? Bit of an oxymoron! Anyway, you're probably better off implementing something different for your password hashing. No point trying to fix something like this, there's much better stuff out there. Have a look at this question for a bcrypt implementation http://stackoverflow.com/questions/4795385/how-do-you-use-bcrypt-for-hashing-passwords-in-php – Thomas Clayson May 17 '13 at 14:15
  • Is has the option for random salt or statically assigned salt with the first parameter being passed `$Salt_Settings` If i set it to 0 then it will randomly generate a salt – Sophie Mackeral May 17 '13 at 14:15
  • @SophieMackeral you have to ask yourself, do you really want to use a password hashing class/script that you can't see the source code of? If its really just straightforward hashing why has the author gone to so much trouble to encrypt it with ioncube? Then why have they put it on github in the encrypted state? Seems a bit fishy to me. Could be just me being paranoid, but for "security" stuff I would always like to be able to see what's going on. – Thomas Clayson May 17 '13 at 14:18
  • @SophieMackeral: makes no difference. Bet you £1 it's either hashing using MD5 or SHA1, both of which are vulnerable (especially MD5). If it was bcrypt or any other industry standard the salt would be **in** the hash. Anyway, source code please? – Sébastien Renauld May 17 '13 at 14:18
  • @SébastienRenauld https://github.com/SlayerSolutions/Authentication – Sophie Mackeral May 17 '13 at 14:21
  • @SophieMackeral: Why someone would put a rar in github is beyond me. Anyway, booted up the laptop (easier to read stuff than the tablet) and I'll have an answer for you shortly. Prepare the £1, by the way. :p – Sébastien Renauld May 17 '13 at 14:23
  • 1
    Use this instead: https://github.com/ircmaxell/password_compat/ It's just about the best and most trusted solution out there at the moment, and will be incorporated into the PHP core. – deceze May 17 '13 at 14:26
  • Also: https://github.com/SlayerSolutions/Authentication/issues/1 – deceze May 17 '13 at 14:27
  • @deceze: decrypting it as we speak. – Sébastien Renauld May 17 '13 at 14:28
  • @SébastienRenauld What program do you use to decode? – Sophie Mackeral May 17 '13 at 14:36
  • @SophieMackeral: I trace the script path using xdebug. – Sébastien Renauld May 17 '13 at 14:36
  • @SophieMackeral: first good pearl: `Warning: Please Note. Your Private Key and Salt should be kept secret and not on any ouput.
    For testing purposes this is fine, but please ensure to store the salt/key in the database and not reveal to
    the user. in C:\xampp\htdocs\slayer\Class.php on line 0`. The salt is **meant** to be public.     – Sébastien Renauld May 17 '13 at 14:37
  • (And the pepper should definitely not be near the data. Talk about shooting in a barrel) – Sébastien Renauld May 17 '13 at 14:37
  • @SébastienRenauld isn't the salt suposed to be stored within the database and not user pointing? same with the PK? – Sophie Mackeral May 17 '13 at 14:39
  • @Sébastien Ha! https://github.com/SlayerSolutions/Authentication/blob/master/Download/Class.php :D – deceze May 17 '13 at 14:42
  • @Sébastien HMAC SHA512 it is, BTW. :P – deceze May 17 '13 at 14:43
  • Also, the salt isn't necessarily *meant* to be public, but it doesn't do any harm if it is. Love that this is triggered as a `WARNING` though. X-D – deceze May 17 '13 at 14:45
  • @SébastienRenauld I guess you owe me that £1 for not being MD5 or SHA1 :P – Sophie Mackeral May 17 '13 at 14:46
  • @deceze: `SHA512(salt * SHA512(message))`. Meh. Not much more secure as explained here: http://security.stackexchange.com/questions/3165/hmac-why-not-hmac-for-password-storage – Sébastien Renauld May 17 '13 at 14:46
  • 1
    So overall this 'Framework' is one to avoid? – Sophie Mackeral May 17 '13 at 14:48
  • 1
    @SophieMackeral: Yup. Also, deceze, he's not using HMAC-SHA512. He's butchering HMAC-SHA512. More in a long answer. – Sébastien Renauld May 17 '13 at 14:49
  • @Sébastien True, but at least it's not a butchered MD5 or SHA1. ;) – deceze May 17 '13 at 14:50
  • @SophieMackeral: if you're in the DC area, I'm more than happy to buy you a coffee :p turns out this guy was one step better than all the crappy "xSolutions" people. – Sébastien Renauld May 17 '13 at 14:58
  • @SébastienRenauld Unfortunatly i'm not. England i'm afraid. Furthermore, after monitoring the issue that deceze has posted, it seems the entire script will go under a revamp based on this topic, and define what you mean by one step better.. It seems from the feedback on this question, he failed at a security application :P – Sophie Mackeral May 17 '13 at 15:02
  • @SophieMackeral: the whole point of security is that your algorithms should be as secure if they are public as when they are private. By encrypting this class, the guy proved that he didn't know better. And not just that, but he also committed rookie blunders. Discard all that and revamp it. I'll write you a little filler for this if you like. – Sébastien Renauld May 17 '13 at 15:04
  • Where are you from, in the UK? I lived in Oxford until two months ago! – Sébastien Renauld May 17 '13 at 15:04
  • @SébastienRenauld Essex, which first before you lose a lot of respect.. it's nothing like that TV show 'TOWLIE' – Sophie Mackeral May 17 '13 at 15:05
  • @SophieMackeral: I know, been there a couple of times. I almost accepted a job in Colchester before my girlfriend found one in D.C., too :-) – Sébastien Renauld May 17 '13 at 15:08
  • @SophieMackeral: Anyway. It's worth looking for a framework that actually has `password_hash()`. I personally am very fond of Laravel3, Laravel4, Symfony and Kohona. #1, #4 are easy to learn, #3 is stupidly powerful. – Sébastien Renauld May 17 '13 at 15:15
  • @SébastienRenauld Thankyou for your feedback, same with deceze. It's been really appreciated. I will take a look into Kohona and Laravel*.. I've looked at Symfony in the past and couldn't get to grips with it – Sophie Mackeral May 17 '13 at 15:44

1 Answers1

3

Your error comes from not having done this:

 $Formatted_Password = $FrameWork->Format_Password($Password_Entities);

Which in effect sets $this->Props_Called = 1;. Absolutely pointless shit.

Why you should not be using this:

First OMGWTFBBQ moment:

else{
        $length = mt_rand(0,25);
        $characters = '0123456789abcdefghijklmnopqrstuvwxyz';
        $string = '';

        for ($p = 0; $p < $length; $p++) {
            $string .= $characters[mt_rand(5, strlen($characters) -1)];
        }
        $this->Salt = $string; // Set Salt Randomly Generated
 }

This bit of code generates a random salt. Instead of taking advantage of the full 255-byterange-or-more of ASCII, the guy is limiting himself to 36. Instead of having 255^N in entropy, you ahve 36^N. That's a BIG loss.

Second WTF moment:

if ($this->Positioning == 0){
            $Return_Array['SaltedPassword'] = $Password_Props['Password'].$Password_Props['Salt'];
        }
        if ($this->Positioning == 1){
            $Return_Array['SaltedPassword'] = $Password_Props['Salt'].$Password_Props['Password'];

The whole POINT of HMAC is to salt the key, NOT the message. There is a very important reason for this: it is due to the way HMAC hashing works. The salt "double dips" in the key, whereas it does not if it is in the value.

(For the record: HMAC-ALGO = ALGO( (key XOR pad1) CONCAT ALGO( (key XOR pad2) CONCAT value)) )

THIS is a major issue. You are, once again, losing quite a bit through doing this. Right now; if your salt is in the value, your algorithm is equivalent to ALGO(key ALGO(value)), which is no better than just ALGO(value . key).

Reference for this point is here: https://stackoverflow.com/a/7273257/2167834

Community
  • 1
  • 1
Sébastien Renauld
  • 19,203
  • 2
  • 46
  • 66
  • 1
    If you want another OMGWTFBBQ moment: the variables like salt, key and plaintext etc are protected... but you can get them all using `Password_Props`. If you plan on using this, make sure to unset the Authentication class the moment you're done with it. – Sébastien Renauld May 17 '13 at 14:59
  • Another good one. `mt_rand` is not true RNG. With some mumbo jumbo, you could generate non-random salts. More info here: http://crypto.di.uoa.gr/CRYPTO.SEC/Randomness_Attacks_files/paper.pdf – Sébastien Renauld May 17 '13 at 15:07