0

Possible Duplicate:
Secure hash and salt for PHP passwords

THREE part question:

  • Which technique I should use to store a password? (sha1, sha256/512, etc.)
  • What is the ideal size of a salt?

  • What should i use ? 

    $passwordHash = hash('ENCRYPTION',$salt . $password);

    or 

     $passwordHash = hash('ENCRYPTION',$password . $salt);

I intend to store forum passwords only. I am not storing bank credentials or any other highly sensitive items. It should be fast and not rocket science.

Community
  • 1
  • 1
Sourav
  • 17,065
  • 35
  • 101
  • 159
  • 2
    Those are not encryption techniques. Those are hashing techniques. My vote would be for `bcrypt`. – Borealid May 09 '11 at 13:14
  • Since you said fast, md5. If it's a simple forum, I doubt you need more secure hashing algorithm such as bcrypt. – Michael J.V. May 09 '11 at 13:15
  • 1
    You should consider reading the [previously](http://stackoverflow.com/questions/2131252/better-way-save-password-in-mysql-which-can-be-decrypted-also-using-php) [asked](http://stackoverflow.com/questions/401656/secure-hash-and-salt-for-php-passwords) [related](http://stackoverflow.com/questions/1171627/encrypting-password-using-php) [questions](http://stackoverflow.com/questions/219999/how-can-i-encrypt-password-data-in-a-database-using-php) before you submit your question. – sholsinger May 09 '11 at 13:18

4 Answers4

2

I used MD5 but since it is known that it is broken, I now use SHA-2

$hash = hash('sha256', $pass); - creates 256 bit hash.
David
  • 1,101
  • 5
  • 19
  • 38
  • In your opinion, why is SHA-2 not broken and MD5 is? – Michael J.V. May 09 '11 at 13:25
  • I was told MD5 collision rate is much higher, which would make less safe. Correct me if I'm wrong please! I don't know much about hasing algorithms! I just wanted to share what I use – David May 09 '11 at 13:29
  • the chance of a collision (accidental for otherwise) against an existing MD5 hash is utterly negligible. – Alnitak May 09 '11 at 13:31
  • 1
    It is true that collision rate of MD5 is much higher, however in real world application it's nothing that we mere mortals have to worry about until our websites reach the size of Facebook. You also have to know that MD5 / SHA algorithms are designed to be fast and are susceptible to rainbow table attacks, it takes mere hours to crack majority of user passwords that are up to 8 chars in length. Bcrypt makes rainbow table cracking less feasible because it prolongs the execution time from hours to several years, however it's slow as.. well, it's slow :) – Michael J.V. May 09 '11 at 13:32
  • Oh I see, so unless your website reach an impressive number of users, MD5 can be safe? Is it much faster than SHA and Bcrypt? – David May 09 '11 at 13:35
  • a decent length salt makes rainbow tables impractical – Alnitak May 09 '11 at 13:37
  • Isn't it more that when your site reaches an impressive number of users your site is more of a target? _Unless you manage to anger a group of or a single easily swayed hacker(s)._ – sholsinger May 10 '11 at 13:01
2

Personally, I'd still go with MD5 - it's very fast and widely implemented.

Although security researchers have found a way to make two blocks of text that result in the same MD5 hash (a "collision attack"), there's no known practical way to create an a block of text that produces a specific hash (a "pre-image attack")

Just make sure that you do have a decent length salt (16 random bytes should be more than enough) to ensure that a hacker can't use "rainbow tables" to reverse your hashes.

Alnitak
  • 334,560
  • 70
  • 407
  • 495
0

In my opinion, you should use SHA512, if availble, as it is one of the strongest hashing algorithms that are availble at the moment.

Regarding salt sizes, I would use one the same size as the hash, as the adds a lot more entropy to the hash. I use the uniqid() function in conjunction with the rand() function

I would use code similar to what is below

<?php
    $password = 'password';
    //Generate the salt
    $salt = hash('sha512',uniqid('',true) . rand());
    //Hash our password with the salt
    $passwordHash = hash('sha512',$salt . $password);
?>
fin1te
  • 4,289
  • 1
  • 19
  • 16
0
  1. Any as you state -- it`s not so highly sensitive
  2. Any, but if you want precise number, let it be 32
  3. Any, as the main purpose of the salt is don`t give bad man to determine, whether two passwords are same.

For example I`m a developer of some system and decide to store only login-n-password hash:

user1:qjwhegwqe7865weq786ew7q8
user2:kl21j3kl21j3kl21j3kl12jk
user3:qjwhegwqe7865weq786ew7q8

As you can see, without salt bad man will see, that user1 and user3 have same passwords. That's why salt was invented -- it creates always different hashes. And it's only one it's purpose.

gaRex
  • 4,144
  • 25
  • 37