splitbrain.org - electronic brain surgery since 2001

Working with Password Hashes in PHP

Every good programmer knows that passwords should never be stored in clear text. Instead, a one-way hash (or digest) should be used. This way user passwords are not at risk 1) in case of an intrusion.

In cryptography, a cryptographic hash function is a transformation that takes an input and returns a fixed-size string, which is called the hash value.

Wikipedia

PHP offers a simple way to create such hashes by providing functions like md5, sha1 and crypt. Those will usually do if you are writing your application from scratch.

But sometimes you may want to switch the hash algorithm while keeping backwards compatibility with old hashes 2). Or you may want to authenticate against different systems that all use different hashes.

DokuWiki supports a broad range of authentication backends. For creating and verifying password hashes we have two functions: auth_cryptPassword() and auth_verifyPassword(). The functions are completely self-contained and can be used outside DokuWiki as well.

auth_cryptPassword() is used to create a new hash from a given plaintext password. The second argument is the desired algorithm. Currently supported are:

  • smd5 - Salted MD5 hashing
  • apr1 - Apache salted MD5 hashing
  • md5 - Simple MD5 hashing
  • sha1 - SHA1 hashing
  • ssha - Salted SHA1 hashing
  • crypt - Unix crypt
  • mysql - MySQL password (old method)
  • my411 - MySQL 4.1.1 password

To create a hash just call it like this:

  $hash = auth_cryptPassword('mypassword','smd5');

The hash can be stored in your user table. To verify a user password later, auth_verifyPassword() is used:

  // get stored password hash from db
  $hash_from_db = db_get_hash($_POST['user']);
  // verify the provided password
  $ok = auth_verifyPassword($_POST['pass'],$hash_from_db);
  // $ok will be true if the provided password was correct

The nice thing about auth_verifyPassword() is that it automatically determines which hash algorithm was used to create the stored password hash. This way you can have different types of password hashes in your database.
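The format-based detection described above can be sketched as follows. This is an added example, not DokuWiki's own code. Assumptions: the example_* function names, the subset of schemes covered (smd5, ssha, md5, sha1), the salt Zk3x and the sample records are all constructed for illustration; the salt amonRsnX is the one quoted in the comments.

```php
<?php
// Added example (hypothetical helper names): detect the scheme from the stored hash format.
function example_detect_scheme(string $stored): array {
    if (preg_match('/^\$1\$([^$]{0,8})\$/', $stored, $m)) {
        return ['smd5', $m[1]];               // crypt-style salted MD5: $1$salt$digest
    }
    if (strncmp($stored, '{SSHA}', 6) === 0) {
        $raw = base64_decode(substr($stored, 6), true);
        if ($raw === false || strlen($raw) <= 20) return ['unknown', ''];
        return ['ssha', substr($raw, 20)];    // salt follows the 20-byte SHA1 digest
    }
    if (preg_match('/^[0-9a-f]{32}$/', $stored)) return ['md5', ''];
    if (preg_match('/^[0-9a-f]{40}$/', $stored)) return ['sha1', ''];
    return ['unknown', ''];
}

// Recompute the hash of $clear with the detected scheme and the salt taken from the stored hash.
function example_hash(string $clear, string $method, string $salt): ?string {
    switch ($method) {
        case 'smd5': return crypt($clear, '$1$' . $salt . '$');
        case 'ssha': return '{SSHA}' . base64_encode(sha1($clear . $salt, true) . $salt);
        case 'md5':  return md5($clear);
        case 'sha1': return sha1($clear);
    }
    return null;                              // unknown format: never matches
}

function example_verify(string $clear, string $stored): bool {
    [$method, $salt] = example_detect_scheme($stored);
    $candidate = example_hash($clear, $method, $salt);
    // hash_equals() compares in constant time
    return $candidate !== null && hash_equals($stored, $candidate);
}

// Constructed sample records: the same password stored under three schemes.
$records = [
    'alice' => example_hash('mypassword', 'smd5', 'amonRsnX'),
    'bob'   => example_hash('mypassword', 'ssha', 'Zk3x'),
    'carol' => example_hash('mypassword', 'md5', ''),
];
foreach ($records as $user => $stored) {
    [$method] = example_detect_scheme($stored);
    $ok  = example_verify('mypassword', $stored);
    $bad = example_verify('wrong', $stored);
    // Unsalted schemes are candidates for re-hashing at the next successful login.
    $upgrade = $ok && in_array($method, ['md5', 'sha1'], true);
    printf("%-5s %-4s ok=%d wrong=%d upgrade=%d\n", $user, $method, $ok, $bad, $upgrade);
}
```

Because the plaintext is available only at login, the upgrade flag marks the one moment when an old unsalted hash can be replaced with a salted one without forcing a password reset.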

Tags: php, passwords, passwd, crypt, md5, hash, programming
1) putting rainbow tables and dictionary attacks aside
2) otherwise all your users need to create new passwords
Posted on Monday, July the 28th 2008 (11 months ago).

Comments?

1
As a note for us PHP developers, please don't save unsalted checksums. They are not safe! Salt the data with anything you find handy, maybe the Username/Email/Applicationname (not that good) to prevent simple "uncrypt" via rainbow table.
2008-07-29 08:33:58
Salz`
2
Correct, with the functions above just choose one of the salted methods and a random salt is automatically used.
2008-07-29 08:47:40
3
Random salt isn't that good, because you must save it with the userinfo in the database. If you salt with something that is already saved in your database, maybe more than one piece of information (username + global pass), the cracker needs more than SQL injection to get all necessary data.
2008-07-29 14:54:52
Salz`
4
Salz, a salt is just to protect against lookups in a table of precalculated hashes, forcing an attacker to brute force the password. The salt is stored in plaintext together with the hash value as part of the whole hash string.

Eg. for the following salted MD5 pass:

$1$amonRsnX$tCijAFb/t.o/GkDRqxPZV1

the salt is amonRsnX.
2008-07-29 15:07:50
5
"If someone has access to your code and salt to create the hash they can just run a dictionary attack using the same code algorithm and find poor passwords fairly quickly without needing rainbow tables."; Short: don't make clear what kind of salt you use. Do crazy things, md5(substr(md5("email"."username"."password"."userid"),0,-16)). In the situation where the cracker doesn't have access to your code, it's kind of impossible to know how you salt. Sure, if the cracker has access to your code base, he is able to use dictionaries too, but it takes much time to test this. Maybe it's a good idea to use the password length as salt.
2008-07-29 15:51:06
Salz`
6
Salz`, the point is that a salted password invalidates most lookup tables. Yes, it can still be brute forced, but now it's no longer a process of looking something up in a couple of seconds, it's a process of compiling new tables (a unique set of tables for each individual saved password). That process could take years depending on the size of the salt and the rules for password usage (the longer and more complex the password, the more information that needs to be run; it's all about layers). In that time people can be forced to change the password.
2008-08-01 06:17:57
7
Great article. Although all I have ever used is md5
2008-08-24 08:33:11