3

Just wondering if there are pros and cons to methods of password encryption... Typically, I'll use php and encrypt a password using md5 before inserting a new user into the database. I inherited a project recently and they use PASSWORD() in the sql insertion query to encrypt it. So, now I'm wondering if there's advantages to using one over the other?

Scooter5150
  • 157
  • 2
  • 3
  • 14
  • possible duplicate / related : [Fundamental difference between Hashing and Encryption algorithms](http://stackoverflow.com/questions/4948322/fundamental-difference-between-hashing-and-encryption-algorithms) – ircmaxell Nov 01 '11 at 14:36

6 Answers6

9

See the MySQL docs for PASSWORD:

The PASSWORD() function is used by the authentication system in MySQL Server; you should not use it in your own applications. For that purpose, consider MD5() or SHA2() instead. Also see RFC 2195, section 2 (Challenge-Response Authentication Mechanism (CRAM)), for more information about handling passwords and authentication securely in your applications.

Below that note is one very good reason not to rely on that function:

Statements that invoke PASSWORD() may be recorded in server logs or in a history file such as ~/.mysql_history, which means that plaintext passwords may be read by anyone having read access to that information.

Passwords are generally best stored with salted hashes (SHA, etc.). Here's an answer which lists a few useful links about safe password storage.

Community
  • 1
  • 1
Jon Gauthier
  • 25,202
  • 6
  • 63
  • 69
  • 1
    Use php crypt() with BLOWFISH or SHA512, MD5 has been broken for a while. – hafichuk Nov 01 '11 at 14:16
  • 1
    @hafichuk: MD5 is **not** broken for password storage. That's a myth. What is broken is simple hashes (even for sha512) and salted hashes. You need to be using an iterated and salted hash (such as BCrypt (blowfish), Crypt's MD5/Sha256/Sha512, PBKDF2, etc). So you are correct about Blowfish and using Crypt's SHA512, but for the wrong reason... – ircmaxell Nov 01 '11 at 14:37
  • @ircmaxell php.net makes a note on md5: It is [not recommended](http://php.net/manual/en/function.md5.php) to use this function to secure passwords – Mikhail Nov 01 '11 at 15:12
  • @Mikhai: Again, correct but for the wrong reason. It's not recommended to use `md5($pass);`. It's also not recommended to use `sha512($pass)`. Why? See [this answer](http://stackoverflow.com/questions/4948322/fundamental-difference-between-hashing-and-encryption-algorithms/4948393#4948393) and [this blog post](http://blog.ircmaxell.com/2011/08/rainbow-table-is-dead.html). A hash (salted or not) is not enough. But you can use md5 as the primitive in a iterated and salted hash mechanism (such as PBKDF2) quite securely. The issue here is not with md5, but any hash algo used by itself. – ircmaxell Nov 01 '11 at 15:16
2

If someone is sniffing packets and you use PASSWORD, they'd be able to see "INSERT INTO USERS VALUES ('username', PASSWORD('secret'))". I think MySQL also has an MD5 function, but it shouldn't be used for the same reason.

SHA-1 and MD5 have been compromised, and it's recommended that you use SHA-256 with a salt value (possibly based on the username). Salts are basically strings tacked onto a password to help prevent use of rainbow tables to figure out passwords.

Chris Forrence
  • 10,042
  • 11
  • 48
  • 64
  • They have **not** been compromised for password storage. For cryptographic signatures they have, but they are still just as good as sha256 for password storage (practically speaking)... Even theoretically speaking, there is **no** known attack against MD5 or Sha1 for password storage (where all or part of the input is unknown)... – ircmaxell Nov 01 '11 at 14:46
2

Both SHAx and MD5 are not encryption but hashing.

Take a look at the mcrypt library for actual encryption.

http://php.net/manual/en/book.mcrypt.php

EDIT: As pointed out by ircmaxell, passwords should not be encrypted (unless you are building a password manager) but one-way hashed with a random salt value. (ex: SHA1)

Martin Samson
  • 3,970
  • 21
  • 25
  • **please** no. Passwords should *almost* **never** be encrypted. See [this answer](http://stackoverflow.com/q/5089841/338665) for info on how to encrypt it securely. But 99.9999999999999% of the time you should destructively hash it. – ircmaxell Nov 01 '11 at 14:47
  • Yes, but the question asks for password encryption, not hashing. – Martin Samson Nov 01 '11 at 14:50
  • yes, because the original asker doesn't understand the difference between them. The two things that he listed are both hashing mechanisms. So he's talking about hashing and not encryption... – ircmaxell Nov 01 '11 at 14:55
0

To avoid specifying the cleartext password if you know its hash value (the value that PASSWORD() would return for the password), specify the hash value preceded by the keyword PASSWORD:

CREATE USER 'jeffrey'@'localhost'
IDENTIFIED BY PASSWORD '*90E462C37378CED12064BB3388827D2BA3A9B689';
zloctb
  • 10,592
  • 8
  • 70
  • 89
0

If you're doing it with PHP instead of MySQL, PHP recommends against using MD5 for securing passwords:

http://php.net/manual/en/function.md5.php

Instead, use the crypt function:

http://php.net/manual/en/function.crypt.php

Dave Snyder
  • 915
  • 10
  • 12
-4

As per wiki:

In 1996, a flaw was found with the design of MD5.

Mikhail
  • 8,692
  • 8
  • 56
  • 82