Correct way of using SHA512 encryption

Question

I am trying to use SHA512 algorithm in PHP using function crypt.

My salt:

$salt = base64_encode(substr(str_shuffle("./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345‌6789"), 0, 12));

I get something like this:

Q4CALzJNenFaZnNK

I am not sure why I get lenght 16 while I specified 12.

And to hash the password, I use this:

$hashed = crypt('myPassword', '$6$rounds=5000000$'.$salt);

The output is something like that:

$6$rounds=5000000$Q4CALzJNenFaZnNK$9QTP6C.BZ9Z.U85UIEAVX1dEIdShHFoYGgTMvgv9Cx/XZY1mK/n2rY4FuHSoigjgIXfqGZftZSxrrF.cDBzt8/

Lenght: 121

So my question is it ok to store this password in the database or should I strip $ signs as I saw in few examples?

Also I already store passwords in VARCHAR(255) and I was wondering if I could make the output twice as long, i.e. near 255 characters?

Is this way more secure than for instance Blowfish?

My findings:

The length of a hashed password is not that important as I first thought (60 characters is well enough to store instead of 128 or 256).

It is best to use password_hash function and forget about generating your own salt - php.net know what they do.

So I ended up hashing passwords this way:

$hash = password_hash($password, PASSWORD_BCRYPT, array("cost"=>15));

PASSWORD_BCRYPT is Blowfish algorith with the default cost of 10 (times it runs the algorithm or something). 10 is a good number to slow down the brute force attacks. I wanted to show how you can change the cost manually.

(SHA512 is not encryption, its hashing) Base64 encoding something of length X does not guarantee an output of length X; the output will always be longer. You would take 12 from the base64 output - or better generate a truly random value that's not based to a small subset of bytes with unknown randomness. — Alex K., Jan 27 '15 at 13:06
"if I could make the output twice as long" - why? It won't be more secure. It will require more storage. — symcbean, Jan 27 '15 at 13:08
PHP has [password_hash()](http://php.net/password_hash) which takes care of salting and everything for you. Don't reinvent the wheel. — Quentin, Jan 27 '15 at 13:14
Your method to create a salt is not really secure. It will only use each letter once, and it well never create the string `AAABBB` for example. It would be better to use PHP's built-in salt-generating algorithm, using `password_hash` for example. — Sjoerd, Jan 27 '15 at 13:25
What would be the correct way of using password_hash() with SHA512? I tried using $hash = password_hash('myPassword', CRYPT_SHA512); but it suspiciously returned Blowfish (default) algorithm: $2y$10$dyKVDUfXTBrHiGtHESjn7udXsTjzcsJ26oE5uU9IEA3Vdo6VrRBWK — gVoid, Jan 27 '15 at 14:15

score 1 · Answer 1 · answered Jan 27 '15 at 13:08

You have this:

$salt = base64_encode(substr(str_shuffle("./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"), 0, 12));

You can simply remove the base64_encode from this to get a 12 character salt. Also note that in your version you have some non-ascii, non-printable characters between the 5 and the 6. That probably causes the binary output. Try this:

$salt = substr(str_shuffle("./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"), 0, 12);

score 1 · Accepted Answer · edited May 23 '17 at 12:31

You get a larger salt back because of base64_encode will enlarge your 12 character string to a 16 character string (it's encoding does that)
You can store the string fully in one field but if you want easy access to the salt, you could store the salt in another field. (You need the salt again to recheck if the user password input is correct - the salt only makes sure that a hash of the same password wouldn't give the same hash)
Is SHA512 safer as Blowfish? As erickson on stackoverflow said, they are both good enough for the purpose

score 0 · Answer 3 · answered Jan 27 '15 at 13:12

So my question is it ok to store this password in the database

Yes, just store the whole thing in the database, including the $6$ and the rounds=5000000. This makes it possible to switch to another hash type in the future, and you can just use crypt on the whole password to check it.

score 0 · Answer 4 · answered Jan 27 '15 at 13:16

Also I already store passwords in VARCHAR(255) and I was wondering if I could make the output twice as long, i.e. near 255 characters?

In principle longer is better, so SHA512 is better than SHA256. However, a 120 character hash is already pretty long and there is no advantage to make it even longer. You can increase the length of the salt, but don't try to make the hash longer by appending another hash or something like that.

Correct way of using SHA512 encryption

4 Answers4