salt + sha512 + md5 encryption

Question

I have the following code: (just a test file for encryption/hashing)

<!doctype html>
<html>
<head></head>
<body>

  <?php

    error_reporting('off');

    if (isset($_POST['submit'])) {
        $salt = "2bZ@<^$";
        $hash = hash("sha512", $_POST['hash']);
        $hash = $salt . $hash;
        $hash  = md5($hash);
        echo $hash;
        $hashLen = strlen($hash);
        echo "<br>The length of the hashed word is " . $hashLen . " characters long!";
    }

    ?>

    <form action="hashed.php" method="post">
      <input type="text" name="hash">
      <input type="submit" value="Hash" name="submit">
    </form>

</body>
</html>

How safe is this? I know this most probably can be hacked, but how long would it take? I am currently making a php/mysqli registration form and want to make the user's passwords as secure as I can, so that it would take a hacker a very long time to crack one of the user's passwords. To encrypt it even more I can use this for example:

Hashing it with sha512, md5(md5), adding a different salt, two more sha512, another md5 and another different salt!

How secure does that sound? How long would it take a hacker to crack that password? Please could you advise me with using a very, very secure encryption method. Also, I want to keep a user logged in with a cookie: need a secure way to store their information in a cookie!

Thanks in advance :)

Answer 1

This is insecure. It's similar to Dave's home brew hash/kinda stupid algorithm, and the answers explain what's wrong with it. In your case, I'll just say you only do 2 computations using very fast hashes, and that's nowhere near enough to defeat GPU-based cracking.

Also, you should never roll your own cryptography, of course the same applies for hashing functions as well. Instead use the standard and well-tested password hashing functions that come with PHP :

$password = "HelloStackOverflow"; // example password

$hash = password_hash($password, PASSWORD_BCRYPT); // here's the hash of the previous password

// you can set the "complexity" of the hashing algorithm, it uses more CPU power
// but it'll be harder to crack, even though the default is already good enough

$hash = password_hash($password, PASSWORD_BCRYPT, ["cost" => 10]); 

if (password_verify($password, $hash)) { // checking if a password is valid
    echo "Welcome back !"; // valid password
} else {
    echo "You're not the one you're pretending to be..."; // invalid password
}

If your PHP installation is too old (< 5.5) and doesn't have the password_* functions, you can use this library which provides forward compatibility with those functions; the usage stays the same as the example above.

Answer 2

I am currently making a php/mysqli registration form and want to make the user's passwords as secure as I can, so that it would take a hacker a very long time to crack one of the user's passwords

Well, for the elements of a good password storage system (and the threats they protect against), see the Secure Password Storage Cheat Sheet and Secure Password Storage paper John Steven wrote for OWASP. It takes you through the entire threat model, and explains why things are done in particular ways.

Hashing it with sha512, md5(md5), adding a different salt, two more sha512, another md5 and another different salt! ... How safe is this?

Well, there's standard and accepted ways of doing things, and then there's no-standard ways of doing things. I think your scheme falls into the later.

Perhaps it would be a good idea to use something that's widely accepted.

How long would it take a hacker to crack that password?

Cracking is not the only threat here. More than likely, the guy trying to break into your organization is going to be using one of the top passwords from the millions of passwords gathered from the Adobe breach, the LinkedIn breach, the Last.fm breach, the <favorite here> breach.... For example:

• 25 most-used passwords revealed: Is yours one of them?
• The 30 Most Popular Passwords Stolen From LinkedIn
• Top 100 Adobe Passwords with Count

Why bother brute forcing when you have a list of thousands of top rated passwords to use?

So your FIRST best defense is to use a word list that filters a user's bad password choices. That is, don't allow user's to pick weak or known passwords in the first place.

If someone gets away with your password database, then he or she is going to use those same password lists to try and guess your user's passwords. He or she is probably not even going to bother brute forcing because he or she will have recovered so many passwords using a password list.

As I understand it, these word lists are quite small when implemented as a Bloom Filter. They are only KB in size even though there are millions of passwords. See Peter Gutmann's Engineering Security for an in depth discussion.