15

All,

I am using the following PHP function to salt & hash user passwords for a web app: 

function stringHashing($password,$salt){
 $hashedString=$password.$salt;
 for ($i=0; $i<50; $i++){
  $hashedString=hash('sha512',$password.$hashedString.$salt);
  }
 return $hashedString;
}

What is the best way to store the resulting string in MySQL? I suppose it is a fixed CHAR field? How should I go about calculating the right length?

Thanks,

JDelage

JDelage
  • 13,036
  • 23
  • 78
  • 112
  • 1
    This may help .. http://stackoverflow.com/questions/2319588/storing-hashed-passwords-in-mysql. – tjm Jun 02 '11 at 21:39
  • 1
    why aren't you using a third parameter for the number of times to rehash the string? – zzzzBov Jun 02 '11 at 21:44
  • Not a duplicate - my question is about sha512, not SHA-1. – JDelage Jun 02 '11 at 21:53
  • @JDelage Practically, how does SHA512 differ from SHA-1? Therein lies the answer (and the "duplicate", as it applies ;-) –  Jun 02 '11 at 21:59
  • @pst - The string output of the 2 algos is of different length. The answer to the SHA-1 question doesn't explain how to calculate the string length based on the algo. Therefore, there's no way to answer my question with the SHA-1 question unless you have additional knowledge. – JDelage Jun 02 '11 at 22:05
  • @JDelage So what is the output size of SHA512? That is the answer. [Wikipedia SHA-2](http://en.wikipedia.org/wiki/SHA-2) (and realizing that it takes two hex characters to encode 8 bits) contains all the information needed. It would be beneficial to apply some *critical thinking* and *judicial searching* before posting an "exciting" question such as this. I will pull up the other relevant documentation (such as that of the PHP documentation), if you wish. –  Jun 02 '11 at 22:07
  • 5
    **Don't use SHA512 for passwords!** – Scott Arciszewski Apr 17 '16 at 08:14
  • @ScottArciszewski - this is an old question but still: why not, and if not SHA512 then what else? – JDelage Apr 28 '16 at 18:45
  • [How to safely store your users' passwords](https://paragonie.com/blog/2016/02/how-safely-store-password-in-2016). Don't use a fast hash like SHA512, use a *password hash* (compound noun) instead. – Scott Arciszewski Apr 28 '16 at 19:37

3 Answers3

27

Well, SHA512 will always return a 512 bit hash, the two-argument hash() method returns this as hex digits, so that's 512 bits / 8 bits per byte * 2 hex digits per byte = 128 hex digits

A CHAR(128) should be what you need

Michael Borgwardt
  • 342,105
  • 78
  • 482
  • 720
1

If someone knows your salt, they probably have your source code which guides them to repeat it 50 times. In that light, given the trivial security benefit to recursive re-hashing with a fixed-count, I thought I'd suggest using SHA2() from MySQL 5.5.5+ as a neater alternative:

mysql_query("SELECT SHA2(CONCAT('$password','$salt'), 512) AS `hash`;");

Which will be your VARCHAR(128) ready to INSERT/UPDATE.

Alastair
  • 6,837
  • 4
  • 35
  • 29
1

I have always used a varchar field with a more-than-needed length. What if, down the road, you want to change your algorithm? You have to alter the table, which is annoying.

SHA512 will produce a 128 char string, so give the field at least that.

Also, I must point out that you are doing a lot of wasted processing. You are not adding too much security by iterating through the same salt and hash over and over and over again. Ultimately, you will still need a salt and password, everything else about the algorithm remains constant.

SamT
  • 10,374
  • 2
  • 31
  • 39
  • 3
    In this case the size is well-known, just as say for a GUID. It's not someones name so there is no "Mr. WhatchaCallitIHadParentsWhoWantedToPlayAPracticalJoke". If the requirement changes later, then change the schema... later. –  Jun 02 '11 at 22:01
  • "Also, I must point out that you are doing a lot of wasted processing. You are not adding too much security by iterating through the same salt and hash over and over and over again." I did that based on http://stackoverflow.com/questions/3559437/many-hash-iterations-append-salt-every-time/3559497#3559497 – JDelage Jun 02 '11 at 22:06
  • (Although, I wonder if the same can be said about using SHA-2/SHA-512 and not SHA-1... but I'm no cypto expert.) –  Jun 02 '11 at 22:11
  • @JDelage they're using a variable number of runs, while with yours, it stays constant. Think of hashing sorta like taking a derivative: All constant data no longer matters because you're representing a rate of change. In terms of data security, this is equally true because even though you're iterating it 50 times, that does not change between other items to be hashed. – SamT Jun 02 '11 at 22:18
  • Fascinating - I had completely missed that. – JDelage Jun 03 '11 at 17:37