1

I know full well its not safe to store logins in plaintext however I've been unable to find an answer to my specific question. What I'm trying to do is store server passwords in a database for recall with an automated php script however I'm paranoid about the db being hacked so I need to insure they are not retrievable in the event it does get hacked. As with any project I'm planning for a "worst case" situation. The passwords themselves are generated randomly.

Tivie
  • 18,864
  • 5
  • 58
  • 77
David_Hogan
  • 125
  • 1
  • 3
  • 14
  • http://stackoverflow.com/questions/401656/secure-hash-and-salt-for-php-passwords/401684#401684 – Farkie Feb 22 '14 at 01:02
  • This deals with passwords more from a user perspective where the correct plaintext is given first. Thank you either way :) – David_Hogan Feb 22 '14 at 01:06
  • 1
    hashing is one way so that you CAN'T retrieve/recall passwords - this is what makes them more secure. if you put them into the database so that you can get them out, you're asking for trouble. look into this: http://www.php.net/manual/en/faq.passwords.php – timgavin Feb 22 '14 at 01:09

3 Answers3

1

Short answer:

You can't.

Slightly longer answer:

You could use a reversible cryptographic algorithm. Basically, instead of hashing the password (which is irreversible), you encrypt it.

HOWEVER, this offer little more protection that storing passwords in plain text. Keep in mind that any reversible mechanism can, by definition, be reversed so, if your database is hacked then the perpetrator might be able to reverse your passwords.

Tivie
  • 18,864
  • 5
  • 58
  • 77
1

hash and salt your password using PHP's password_hash() function, then insert it into mysql. Note: this uses a different salt every time, which makes it even more secure - and you don't have to store the salt in your database, as PHP stores it for you automatically.

// hash and salt...
$password = password_hash($your_random_password, PASSWORD_DEFAULT);

Now, to check your random password against the stored password in mysql (from the step above) to see if it's legit

if(password_verify($your_random_password, $row->passwd)) {
    echo 'password is legit';
} else {
    echo 'not legit';
}

See this for more information on hashing with PHP. http://php.net/manual/en/faq.passwords.php

timgavin
  • 4,972
  • 4
  • 36
  • 48
1

If you absolutely, positively have to return the passwords to use them to log into other systems automatically - the safest ways to do it (and no, these won't be as secure as merely storing salted hashes) would be to:

Method 1

1: Have an file on the server outside of the document root containing a replicable method for generating an encryption key - hashing the password creation time or something.

2: Store the password in an BLOB field encrypted with AES_ENCRYPT using the key you've generated from the script.

3: Ensure that you've always got an SSL connection to whatever systems you're logging into using these passwords and that when PHP communicates with the database its either on the same machine/rack or is doing so with an encrypted line.

Method 2 (better but there are provisos)

If you can store GPG private keys on the servers to which you need to log into, you can use their corresponding public keys to encrypt the passwords before entering them into your database.

Then pass the GPG encrypted passwords across to those systems as and when you need to - they can then decrypt the passwords and use them.

This does mean you need control over those systems of course to be able to implement GPG.

CD001
  • 8,332
  • 3
  • 24
  • 28