I was just reading a post on creating a login system, and while reading it I came across password hashing.

We are going to store a sha256 hash, which is a string always containing 64 characters.

This article teaches using the sha256 hash function. After reading it, I did not stop and started to search more about creating a secure login system, and then I came upon this article by wikiHow. In that article, they are using the sha512 hash function. This really confused me as to which function I should use for my next login system. I kept searching Google for a better article and found this article by crackstation. The writer recommends both sha256 and sha512.

Only cryptographic hash functions may be used to implement password hashing. Hash functions like SHA256, SHA512, RipeMD, and WHIRLPOOL are cryptographic hash functions.

I thought my search was over and that I could use the sha256 or sha512 function, but while searching more I found this SO question. The accepted answer by Robert K had new things for me, things I had never heard of before: bcrypt and scrypt.

All this stuff was written about 2 to 4 years ago.

Question

Which is the best password hashing algorithm used these days for PHP?

Muhammad Talha Akbar
  • I think using more than 1 variable. For example: `sha1($username . '-' . $password);` – Lkopo Aug 31 '13 at 12:14
  • 2
    @userNOID: That's still not enough. You should read the linked question as well. – Madara's Ghost Aug 31 '13 at 12:34
  • Also see Openwall's [Portable PHP password hashing framework](http://www.openwall.com/phpass/) (PHPass). It's hardened against a number of common attacks on user passwords. – jww Oct 11 '14 at 23:31

1 Answer

9

The main thing here is that you want to choose a hash that is slow. The only feasible attack vector for any of these hashes is brute forcing. Meaning, an attacker can only try all possible passwords one after the other, hashing them using the same algorithm as you did and comparing them to the hash. The longer this takes for one password, the more infeasible it is to find a match.

The SHA family of algorithms is designed to be fast, because they're not designed to be used for this purpose. As such they are by themselves somewhat unsuitable for password hashing; though they can be used as part of an algorithm which makes them suitable, such as PBKDF2 (which in short repeats the hashing many thousands of times to stretch it).

bcrypt and scrypt are explicitly designed to be slow and are as such much more suitable for password hashing. bcrypt is designed to be very expensive in terms of CPU power, while scrypt is designed to be very expensive in terms of memory consumption. CPU power is better scalable using today's hardware than memory is, so scrypt is currently seen as the best thing to use. Though it is very cutting edge at the moment and has seen little support in terms of usable code. bcrypt on the other hand is supported by PHP using `password_hash` directly.

deceze
  • Why answer this when there's a perfectly good canonical ***exact*** duplicate? – Madara's Ghost Aug 31 '13 at 12:28
  • 1
    Why not? This question is explicitly about the differences between SHA* and *crypt, so a concise answer to this question isn't bad, no? – deceze Aug 31 '13 at 12:29
  • His question is: "Which is the best password hashing algorithm used these days for PHP?", which is perfectly answered in the duplicate. There's nothing here asking about the differences between SHA and crypt... – Madara's Ghost Aug 31 '13 at 12:33
  • 1
    Alright, yes, the other answer is great. It is pretty lengthy though, so I still see value in a concise, simple answer specifically about what the difference between algorithms is and why some are better than others. – deceze Aug 31 '13 at 12:35
  • @deceze OK, you got a good little explanation, but do you have a nice article to read more about `bcrypt` and `scrypt`? – Muhammad Talha Akbar Aug 31 '13 at 13:25
  • @Muhammad Not really. But blowfish (bcrypt) is sufficiently talked about in many places, Google should suffice. For scrypt I found this cute explanation: http://www.youtube.com/watch?v=gICktQu1ySU – deceze Aug 31 '13 at 13:38
  • @deceze I have youtube blocked here but I will figure that out with proxy. Thanks, I have your article about encodings to read. ;) – Muhammad Talha Akbar Aug 31 '13 at 13:45
  • Hey, @deceze If bcrypt takes CPU power then what will happen to the hacker's system who is using brute-force attack? – Muhammad Talha Akbar Aug 31 '13 at 16:19
  • @Muhammad What do you mean? It will make his CPU very busy for a long time. – deceze Aug 31 '13 at 17:11
  • let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/36604/discussion-between-muhammad-talha-akbar-and-deceze) – Muhammad Talha Akbar Sep 01 '13 at 07:05
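The answer above points at PHP's `password_hash` as the practical way to get bcrypt. The following is an added example, not code from the question, the answer or any of the linked articles, showing how that API is used end to end: calibrating the bcrypt cost so one hash takes roughly a target time on your own server, storing the self-describing hash string, verifying a login attempt, and transparently upgrading old hashes with `password_needs_rehash`. The 250 ms target, the function names and the sample password are all assumptions chosen for the illustration; the API calls themselves (`password_hash`, `password_verify`, `password_needs_rehash`, `PASSWORD_BCRYPT`) are the standard ones available since PHP 5.5.

```php
<?php
// Added example (not from the question or the answer): bcrypt password storage
// in PHP with password_hash()/password_verify(). Requires PHP >= 5.5.
// The 250 ms target and the helper names below are assumptions for this demo.

declare(strict_types=1);

/**
 * Pick the largest bcrypt cost whose hash still completes under $targetSeconds
 * on this machine. Cost is a work factor: each +1 doubles the work, for the
 * server verifying a login and for an attacker guessing offline alike.
 */
function calibrateBcryptCost(float $targetSeconds = 0.25, int $minCost = 10, int $maxCost = 31): int
{
    $cost = $minCost;
    while ($cost < $maxCost) {
        $start = microtime(true);
        password_hash('calibration-probe', PASSWORD_BCRYPT, ['cost' => $cost + 1]);
        if (microtime(true) - $start > $targetSeconds) {
            break; // the next step would be too slow for interactive logins
        }
        $cost++;
    }
    return $cost;
}

/**
 * Hash a password for storage. password_hash() draws a random salt and embeds
 * algorithm, cost and salt in the 60-character result ($2y$<cost>$<salt+digest>),
 * so a single VARCHAR(255) column holds everything needed to verify later.
 * Note that bcrypt only looks at the first 72 bytes of the password.
 */
function hashPassword(string $password, int $cost): string
{
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => $cost]);
}

/**
 * Verify a login attempt. Returns null on a wrong password; otherwise returns the
 * hash to keep in the database: the stored one if it still meets the current
 * policy, or a fresh one when the stored cost/algorithm is weaker than $cost.
 * Rehashing on successful login is the only moment the plaintext is available.
 */
function verifyAndMaybeRehash(string $password, string $storedHash, int $cost): ?string
{
    if (!password_verify($password, $storedHash)) {
        return null;
    }
    if (password_needs_rehash($storedHash, PASSWORD_BCRYPT, ['cost' => $cost])) {
        return hashPassword($password, $cost);
    }
    return $storedHash;
}

// --- Demonstration with a constructed password (not a real credential) ---
$cost = calibrateBcryptCost();
printf("Using bcrypt cost %d\n", $cost);

$stored = hashPassword('correct horse battery staple', $cost);
printf("Stored hash: %s\n", $stored);

// Hashing the same password twice yields different strings because the salt is
// random; this is what defeats precomputed (rainbow) tables for the whole user base.
$again = hashPassword('correct horse battery staple', $cost);
printf("Same password, different hash: %s\n", $stored !== $again ? 'yes' : 'no');

// A wrong password is rejected; the right one is accepted and the hash kept as-is.
$rejected = verifyAndMaybeRehash('wrong password', $stored, $cost);
$accepted = verifyAndMaybeRehash('correct horse battery staple', $stored, $cost);
printf("Wrong password rejected: %s\n", $rejected === null ? 'yes' : 'no');
printf("Correct password keeps hash: %s\n", $accepted === $stored ? 'yes' : 'no');

// A legacy hash created with a low cost is upgraded on the next successful login.
$legacy = hashPassword('correct horse battery staple', 4);
$upgraded = verifyAndMaybeRehash('correct horse battery staple', $legacy, $cost);
printf("Legacy hash upgraded: %s\n", ($upgraded !== null && $upgraded !== $legacy) ? 'yes' : 'no');

// Contrast: unsalted SHA-256 is what the question's articles recommend. Timing a
// batch of them shows why the answer calls the SHA family unsuitable on its own.
$start = microtime(true);
for ($i = 0; $i < 100000; $i++) {
    hash('sha256', 'correct horse battery staple');
}
printf("100000 plain SHA-256 hashes took %.3f s\n", microtime(true) - $start);
```

Run the calibration once at deployment time rather than on every request, store the chosen cost in configuration, and raise it as hardware improves; `password_needs_rehash` then migrates existing users the next time they log in, without ever needing their passwords in bulk.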