Encrypting Passwords
Asked Answered
C

8

38

What is the fastest, yet secure way to encrypt passwords (in PHP preferably), and for whichever method you choose, is it portable?

In other words, if I later migrate my website to a different server, will my passwords continue to work?

The method I am using now, as I was told, is dependent on the exact versions of the libraries installed on the server.

Clubfoot answered 3/8, 2008 at 11:50 Comment(0)
B
33

If you are choosing an encryption method for your login system then speed is not your friend, Jeff had a to-and-frow with Thomas Ptacek about passwords and the conclusion was that you should use the slowest, most secure encryption method you can afford to.

From Thomas Ptacek's blog:
Speed is exactly what you don’t want in a password hash function.

Modern password schemes are attacked with incremental password crackers.

Incremental crackers don’t precalculate all possible cracked passwords. They consider each password hash individually, and they feed their dictionary through the password hash function the same way your PHP login page would. Rainbow table crackers like Ophcrack use space to attack passwords; incremental crackers like John the Ripper, Crack, and LC5 work with time: statistics and compute.

The password attack game is scored in time taken to crack password X. With rainbow tables, that time depends on how big your table needs to be and how fast you can search it. With incremental crackers, the time depends on how fast you can make the password hash function run.

The better you can optimize your password hash function, the faster your password hash function gets, the weaker your scheme is. MD5 and SHA1, even conventional block ciphers like DES, are designed to be fast. MD5, SHA1, and DES are weak password hashes. On modern CPUs, raw crypto building blocks like DES and MD5 can be bitsliced, vectorized, and parallelized to make password searches lightning fast. Game-over FPGA implementations cost only hundreds of dollars.

Bilek answered 3/8, 2008 at 12:48 Comment(0)
Q
16

I'm with Peter. Developer don't seem to understand passwords. We all pick (and I'm guilty of this too) MD5 or SHA1 because they are fast. Thinking about it ('cuz someone recently pointed it out to me) that doesn't make any sense. We should be picking a hashing algorithm that's stupid slow. I mean, on the scale of things, a busy site will hash passwords what? every 1/2 minute? Who cares if it take 0.8 seconds vs 0.03 seconds server wise? But that extra slowness is huge to prevent all types of common brute-forcish attacks.

From my reading, bcrypt is specifically designed for secure password hashing. It's based on blowfish, and there are many implementation.

For PHP, check out PHP Pass

For anyone doing .NET, check out BCrypt.NET

Quantitative answered 3/8, 2008 at 13:48 Comment(0)
H
10

It should be pointed out that you don't want to encrypt the password, you want to hash it.

Encrypted passwords can be decrypted, letting someone see the password. Hashing is a one-way operation so the user's original password is (cryptographically) gone.


As for which algorithm you should choose - use the currently accepted standard one: bcrypt

bcrypt it nice because:

  • it generates salt for you
  • it stores the salt for you
  • it returns an easy-to-manage-and-save-in-a-database string
Hemo answered 17/9, 2008 at 18:6 Comment(1)
-1 SHA-256 is not a password hashing function and it's not secure for this purpose. It can be part of one (PBKDF2), but that's something different entirely. Also your example is misleading, because the salt shouldn't be a clever phrase, it should be a random (per-user) value.Esthonia
N
7

Whatever you do, don't write your own encryption algorithm. Doing this will almost guarantee (unless you're a cryptographer) that there will be a flaw in the algorithm that will make it trivial to crack.

Neolatin answered 17/9, 2008 at 18:16 Comment(2)
Even if you're a cryptographer it will probably have a flaw - it takes years of review before an algorithm becomes 'popular'Morrell
This is so true. And reminds me of a similar anecdote from Don Knuth along the lines of: a long time ago he tried to write a random number generator and piled together as many obscure operations as he could think of. Finally he ran this monumental creation and it outputted the number 4 indefinitely. (Details may have been altered in the retelling.)Rabbit
C
1

I'm not necessarily looking for the fastest but a nice balance, some of the server that this code is being developed for are fairly slow, the script that hashes and stores the password is taking 5-6 seconds to run, and I've narrowed it down to the hashing (if I comment the hashing out it runs, in 1-2 seconds).

It doesn't have to be the MOST secure, I'm not codding for a bank (right now) but I certainly WILL NOT store the passwords as plain-text.

Clubfoot answered 4/8, 2008 at 23:7 Comment(1)
While this is closed, you should still hash passwords the most securely possible. Whats the easiest way to get someeones bank account password? Create an awesome looking website in which you get people to sign up. Most people will use existing passwords. Now you have a huge list of passwords. Point being, the quickest way to get other people's passwords would be to hack YOUR system if I knew it was a poor implementation.Reticular
U
1

Consider to use bcrypt it is used in many modern frameworks like laravel.

Underbody answered 16/7, 2016 at 7:47 Comment(0)
W
0

password_hash ( string $password , int $algo [, array $options ] ). (PHP 5 >= 5.5.0, PHP 7)

password_hash() creates a new password hash using a strong one-way hashing algorithm. password_hash() is compatible with crypt(). Therefore, password hashes created by crypt() can be used with password_hash().

Whitewall answered 18/5, 2018 at 18:27 Comment(0)
A
0

Use this function when inserting in database Password_harsh($password,PASSWORD_DEFAULT); And when selecting from the database you compare the password you are inserting with the one in the database using the function if(password_verify($password,$databasePassword)){

}else{
echo "password not correct";
}

This will harsh the password in a secure format

Arceliaarceneaux answered 9/11, 2019 at 10:5 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.