
What is the difference between PASSWORD_DEFAULT and PASSWORD_BCRYPT? Do they both use the Blowfish encryption algorithm? What is cost in an algorithm? How do I set up password_hash in PHP to produce a 255-character hash instead of 60?

rexhin

  • Why do you want a 255 character hash rather than the generated 60 character hash? – Mark Baker Mar 13 '14 at 23:33
  • Slowing down BruteForce attacks? – rexhin Mar 13 '14 at 23:43
  • A longer hash won't do anything to slow down brute-force attacks, cost does this for you.... longer !== more secure, or slower – Mark Baker Mar 13 '14 at 23:44
  • Doesn't it take longer to decrypt a 255 hash string rather than 60? It will take much time I think. Can you explain to me why it is better to raise the cost rather than increasing hash length? – rexhin Mar 13 '14 at 23:47
  • Nope, length isn't the primary factor related to speed of breaking a hash.... entropy of the bits in that length matters more than the length itself, and a deliberate slowdown of the hashing execution reduces the effectiveness of using a processor farm for trying millions of possibilities per second to hundreds of possibilities. password_hash() is deliberately slow, and increasing the `cost` reduces that speed even more – Mark Baker Mar 14 '14 at 00:26
  • Thanks again for these great and clear answers. :) – rexhin Mar 14 '14 at 00:42

3 Answers

Currently PASSWORD_BCRYPT is the only algorithm supported (using CRYPT_BLOWFISH), therefore there is currently no difference between PASSWORD_DEFAULT and PASSWORD_BCRYPT. The purpose of PASSWORD_DEFAULT is to allow for the inclusion of additional algorithms in the future, whereupon PASSWORD_DEFAULT will always be used to apply the strongest supported hashing algorithm.

Cost is related to the number of iterations of the algorithm that are executed, and affects the speed of calculation as well as the hash value generated. Higher costs take longer to execute, slowing brute force attacks.

Mark Baker

  • I stumbled upon [`one of your answers`](http://stackoverflow.com/a/3250892/) Mark, while Googling the subject. Actually, my query was "how do hackers obtain passwords mysql php?" since I've always asked myself the very same question as my query. If a machine figures out a password, shouldn't that be matched against the username associated with it, and how would they obtain it from the DB in the first place?... which I haven't really found an answer to those questions. – Funk Forty Niner Mar 14 '14 at 01:16
  • There are many ways that a hacker can gain access to a list of users and passwords, not least an SQL injection vulnerability that allows them to modify a query, or physical access to a database server. Which is why the password hash needs to be protected – Mark Baker Mar 14 '14 at 07:59
  • I had the same question, but just echo'd `CRYPT_BLOWFISH`, `PASSWORD_BCRYPT`, and `PASSWORD_DEFAULT`, and found they all had the same value of "1", thus they must be currently the same. – user1032531 Dec 25 '14 at 15:05
  • If the default changes in the future, is it likely to be backwards compatible with reading existing passwords stored in the DB? – BSUK Apr 23 '17 at 22:45
  • @BSUK Yes it will be backward compatible, because part of the generated data includes the algorithm used, so password_verify() will always know how to verify the hash – Mark Baker Apr 23 '17 at 23:43
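The points in this answer and its comments (cost sets the work factor, the algorithm and cost are encoded in the hash itself, and a future change of PASSWORD_DEFAULT stays verifiable) can be seen directly in PHP. This is an added example, not code from the question or the answers; `verifyAndUpgrade()` is a hypothetical login helper and the old cost-10 hash is constructed inline to stand in for a row read from the database.

```php
<?php
declare(strict_types=1);

// Added example: cost, the self-describing hash format, and migration
// of stored hashes with password_needs_rehash(). Not from the original page.

$password = 'correct horse battery staple';   // constructed sample input
$options  = ['cost' => 12];                   // work factor: ~2^12 bcrypt rounds

// Measure what a given cost costs on this machine, in milliseconds.
function hashTimeMs(int $cost): float
{
    $start = microtime(true);
    password_hash('benchmark', PASSWORD_BCRYPT, ['cost' => $cost]);
    return (microtime(true) - $start) * 1000;
}
printf("cost 10: %.0f ms, cost 12: %.0f ms (each +1 roughly doubles)\n",
    hashTimeMs(10), hashTimeMs(12));

// bcrypt output is always 60 chars: "$2y$12$" + 22-char salt + 31-char hash.
// The "$2y$" identifier and the "12" cost live inside the string, which is why
// password_verify() needs no separate record of which algorithm was used.
$hash = password_hash($password, PASSWORD_DEFAULT, $options);
printf("%s (%d chars)\n", $hash, strlen($hash));

var_dump(password_verify($password, $hash));          // bool(true)
var_dump(password_verify('wrong password', $hash));   // bool(false)

// Hypothetical login helper: verify, then re-hash only if PASSWORD_DEFAULT or
// the cost has moved on since the stored hash was made. Returns the hash the
// caller should store (unchanged when still current), or null on failure.
function verifyAndUpgrade(string $password, string $storedHash, array $options): ?string
{
    if (!password_verify($password, $storedHash)) {
        return null;                                   // reject the login
    }
    if (password_needs_rehash($storedHash, PASSWORD_DEFAULT, $options)) {
        return password_hash($password, PASSWORD_DEFAULT, $options);
    }
    return $storedHash;
}

// Constructed "old row": same password hashed earlier at cost 10.
$oldHash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
$newHash = verifyAndUpgrade($password, $oldHash, $options);
// Old hash still verifies (prefix "$2y$10$"), and is upgraded to "$2y$12$".
printf("old: %.7s...  new: %.7s...\n", $oldHash, $newHash);
```

Because the upgraded value may one day come from an algorithm other than bcrypt, store it in a column wider than 60 characters (VARCHAR(255), as the PHP docs suggest) rather than a fixed CHAR(60).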
As per the documentation, PASSWORD_DEFAULT is meant to be future-proof.

From the docs:

PASSWORD_DEFAULT - Use the bcrypt algorithm (default as of PHP 5.5.0). Note that this constant is designed to change over time as new and stronger algorithms are added to PHP. For that reason, the length of the result from using this identifier can change over time. Therefore, it is recommended to store the result in a database column that can expand beyond 60 characters (255 characters would be a good choice).

Rifky Niyas
Victory

There is no difference between PASSWORD_DEFAULT and PASSWORD_BCRYPT for the moment. Refer here

The cost will depend on the number of rounds for which the hash will be applied. It is also explained in the link above. If you want to increase the security of your hash, you had better increase the number of rounds instead of the length.

Rifky Niyas
iceduck