0

I'm studying password encryption algorithms. I know of the existence of bcrypt, scrypt, and variants, but I want to challenge myself on this question, and that's why I came up with this algorithm in PHP:

$secret = md5( uniqid( mt_rand(), true ) ); // Length is 32 (hex characters)
$passwd = 'qwert123';
// '.' concatenates the strings; the original '+' was numeric addition and
// would have hashed a number (or raised a warning/TypeError), not the text
$hash = $secret . hash( 'sha256', $secret . $passwd );

Since secret is randomly determined and added at the front of the password hash, I could verify the password input like this:

$secret = substr( $hash_from_db, 0, 32 ); // recover the stored secret
$ok = $hash_from_db === $secret . hash( 'sha256', $secret . $input_from_user );

What do you think about this implementation? I would like to receive some feedback about it. Thank you.

zx81

  • You have just reinvented [salting](http://en.wikipedia.org/wiki/Salting_(cryptography)). – Oliver Charlesworth Sep 11 '13 at 22:19
  • Great work if you came up with that without knowing what a salt was. –  Sep 11 '13 at 22:21
  • Use PHPass, it's smooth and guaranteed to work. The best protection out there at the moment. – Jonast92 Sep 11 '13 at 22:37
  • Yes, that's how people were storing passwords *before* bcrypt and scrypt. If you are familiar with those, **use them**. They are several orders of magnitude better for password hashing. Also hashing != encryption. – Sammitch Sep 11 '13 at 22:56
  • Related question in sec.se: http://security.stackexchange.com/q/18197/20774 – 1615903 Sep 12 '13 at 15:42

2 Answers

2

If you're using PHP 5 > 5.5, you can use the new password_hash() function.

There are compatibility functions for older versions of PHP - here's one: https://github.com/ircmaxell/password_compat/blob/master/lib/password.php

calcinai
0

MD5 is considered cryptographically broken - don't use it for security.

You're only hashing salt+password once. It took me about 10 seconds to find a tool that will crack a salted hash like this using a dictionary look up. Your implementation should not be considered secure against any form of determined attack.

To improve things consider hashing multiple times; using more than one salt; changing hash algorithm part-way through; introducing something unpredictable. Speed is not your friend - the more time you spend obfuscating things, the more secure it will be.

  • There's a tool that can find a SHA-256 collision when concatenated with 128 bits of entropy in a sane amount of time? – Oliver Charlesworth Sep 11 '13 at 22:26
  • @OliCharlesworth - A salt does _not_ add any entropy, it will usually be stored plaintext after all, so it is known. Brute-forcing a single password is not more difficult if a salt was used, but you have to brute-force every password separately, that's the purpose of a salt. – martinstoeckli Sep 12 '13 at 08:34
  • @martinstoeckli: Yeah, I realise now that I misread the answer; the salt makes no difference to the cost of a dictionary attack (I was thinking of rainbow tables...) – Oliver Charlesworth Sep 12 '13 at 09:19