-1

Revising my "question" so as not to rustle the natives.

It seems there are so many resources around the internet these days (SO included) that finding "an" answer to a question may be easy, but how to tell if that answer is valid or even up to date?

One area in particular and one that gets asked a lot is how to deal with hashing and encryption properly with PHP for preparation in database storage. One common answer on SO always seems to be "Have you visited php.net yet?". While I understand this typically comes to a question in which somebody asks the simplest of questions, I have started to find some of the descriptions seem to conflict and more importantly, the user examples are outdated (a lot from 2008-2009).

For example: when seeking why and how to use password hashing: http://www.php.net/manual/en/faq.passwords.php#faq.passwords.fasthash

In summary, I learn that sha1 and md5 are fast and computationally efficient methods of hasing, they are no longer suitable for password hashing. The suggested method is to use the crypt() function.

When learning more about crypt() and in particular blowfish hashing, the rules stated on the page are as follows:

http://www.php.net/manual/en/function.crypt.php

  • start my salt with $2a$
  • continue with two numeric values (user below has stated the significance of this whereas php.net does not)
  • follow with a $
  • enter 22 alpha-numeric characters

Further reading gives an example of:

<?php

    if (CRYPT_BLOWFISH == 1) {
        echo 'Blowfish:     ' . crypt('rasmuslerdorf', '$2a$07$usesomesillystringforsalt$') . "\n";

    }
?>

It seems the example on the same page does not follow the rules it just told us to use (26 characters after "$2a$07$".

The return has is:

Blowfish:
$2a$07$usesomesillystringfore2uDLvp1Ii2e./U9C8sBjqp8I90dH6hi

essentially, the string itself does in fact get altered but nearly my entire SALT value (the first 22 characters mentioned above) is sitting wide open. Wouldn't this make it somewhat simpler to determine what my actual string was?

More importantly, this is only one example but ultimately, how heavily should resources such as PHP.net be relied upon?

As my friend Mugatu once said "I feel like I'm taking crazy pills".

Note: the pages mentioned above were edited since my original posting so I cannot guarantee things have not changed since my original question and examples provided.

JM4
  • 6,740
  • 18
  • 77
  • 125
  • Blowfish can be decrypted, is therefore not suitable for hashes. – sqwk Jul 29 '11 at 17:25
  • @sqwk -- JM4 means "EksBlowfish", the one way hashing algo based on Blowfish -- this is NOT the reversible block cypher! – Dereleased Jul 29 '11 at 17:27
  • @pst - I don't see it as a rant but call it that if you must. I call it a statement for programmers and collaborators to review their work before they post it for the masses. It is the state of technology in general. People on SO get pissed off when folks post questions about how to do something right, call them idiots when they don't refer to basic sites like php.net, then in turn the site (as I have demonstrated above) makes little to no sense. Half of SO recommends sha1 or md5 encryption which the site clearly states is not recommended so where does the difference lie? – JM4 Jul 29 '11 at 17:28
  • -1 for comparing apples with pears. Hashing != Encryption – fyr Jul 29 '11 at 17:29
  • @fyr - did I compare the two as equal? Hashing is an integral part OF encryption so yes they are related and when one is dumbed up, then the expectations for the latter follow. – JM4 Jul 29 '11 at 17:31
  • @JM4 they are both part of the topic cryptography not encryption. But from their aspects they have two very different goals. – fyr Jul 29 '11 at 17:38
  • @pst Lack of proofing? Are words misspelled? The title 'hash' was originally flawed but if I am the first person to misspell a word or two in a post, stone me. I believe the question "How is this hashing at all?" is a valid question. If you find the example above sufficient, an answer stated such below is recommended. if you agree (as others below have done) then they stated other options or suggestions. Your post about a rant is misguided and from my perspective comes off as an SO defender upset about somebody bashing the typical "did you check php.net" answer given. – JM4 Jul 29 '11 at 18:21
  • @pst I have reworded my question entirely just for you. It is a fully understandable question with a real purpose and value. – JM4 Jul 29 '11 at 18:39
  • I am not sure who this is voted 'not a real question' but whatever – JM4 Aug 09 '11 at 19:43

3 Answers3

6

You're right, the internet (being a wonderful and terrible place) is FULL of contradictory information on how you should do this. I have my own opinions (I like EksBlowfish for one-way password hashing) which I outline in this shameless, self-serving blog plug.

One important note, in case you don't follow that link. The two numbers that follow $2a$ are NOT RANDOM. They are the Log-Base-2 of the number of rounds of EksBlowfish to run on the string; basically, every time you increment the number by 1 (e.g., $2a$07$ to $2a$08$), you double the amount of time it takes to calculate the hash.

This is by design -- it allows EksBlowfish to be extremely computationally expensive, and when hardware scales up (Moore's law) you can bog it back down and make it expensive again.

As a good friend of mine put it, the only real way to try to fend off a good cracker is to waste their time. Again, check out this shameless, self-serving blog plug if you want more information on (a) EksBlowfish and (b) why you should use it; if you want, skip to the end of the article for links to things written by people who are significantly smarter than I am.

Edit

As for why PHP includes direct implementations of things like SHA-1 and MD5 is because PHP wasn't invented yesterday, it's been around (in various forms) for 20 years. MD5 used to be considered secure. Things change.

Community
  • 1
  • 1
Dereleased
  • 9,939
  • 3
  • 35
  • 51
  • good answer. I appreciate your time to explain the log-base-2 portion above and for giving a response other than "did you look at php.net". My assumption for the barrage of downvotes is precisely based on my bashing of majority of SO posters. I do appreciate a good answer however. I will take a look at your blog. – JM4 Jul 29 '11 at 17:33
  • Believe it or not, the PHP manual for crypt used to be much, much worse; I had to open a [bug ticket](https://bugs.php.net/bug.php?id=50996) to get them to amend the description to the point where it was even mildly usable. For some more info, check out two questions of mine from when I was researching EksBlowfish/Crypt: http://stackoverflow.com/questions/2225644/what-is-the-correct-format-for-a-blowfish-salt-using-phps-crypt and http://stackoverflow.com/questions/2225720/why-does-crypt-blowfish-generate-the-same-hash-with-two-different-salts ; Good luck! – Dereleased Jul 29 '11 at 19:06
3

Older hashing algorithms such as sha1 and md5 are great for some things, such as hashing data for fast retrieval. While the are not cryptographically secure (anymore), they are still useful and are much faster to compute than more-secure algorithms such as sha256.

Sha1 and Md5 were once relatively computationally secure, when it was not commercially feasible (if you weren't the NSA or KGB) to crack them by brute force. Now, a rainbow table or GPU-enabled brute force algorithm allow anyone to map a hash into an input that generates that hash in reasonable time. A few years back, that was not the case.

Eric J.
  • 147,927
  • 63
  • 340
  • 553
  • good analysis on the changes and continued support for such string functions. – JM4 Jul 29 '11 at 17:35
  • @JM4: and mostly incorrect, particularly about the ease of computing the preimage attack on SHA1. – President James K. Polk Jul 30 '11 at 01:49
  • Sha1 is showing enough cracks in terms of collision attacks that I would be mindful about employing it in new software (which often lasts much, much longer than originally anticipated). http://en.wikipedia.org/wiki/SHA-1#Attacks – Eric J. May 04 '15 at 21:10
2

The problem with many sites (besides the ones that have no idea what they're talking about) is that the ones that WERE applicable a year ago are still popular, but contain outdated information. There was a time when MD5 and SHA1 were top of the line hashing algorithms. Unfortunately, that is not the case nowadays; numerous lookup tables exist to simply enter a hash and receive a working key, or one could simply brute force their way into them. Also unfortunately, many software packages still rely on them, which is one of the reasons they still exist.

Despite their shortcomings as secure hashing algorithms, they are still applicable in many instances such as generating a file checksum. Using MD5 for this is quick and painless, and most checksum checking software still support checking the file against an HD5-sum.

PHP supports a vast array of hashing algorithms. Check out the hash() function, which is extensible to support newer hashes as well. You can find out what your server supports using hash_algos(). Personally, I use SHA-512 with a salt, because a bigger number in the hash name means a better hash. Right? :)

shmeeps
  • 7,725
  • 2
  • 27
  • 35