Menu
I'm building a site that has users on them, and as with most sites housing some user-type system, they sign in with their e-mails and passwords. I'm using PHP for the back-end portion of my site.
After reading up some articles and posts on the Internet, I learned of the PHP functions password_hash() and password_verify() and wanted to know if an example procedure such as this one was secure enough?
So the questions I have with this are as follows:
Any answers would be greatly be appreciated. Thank you.
706
Bcrypt cost Bcrypt is the current default hashing algorithm used by password_hash(). This algorithm takes an option parameter named “cost”. The default cost value is 10.
The password_verify() function is used to match the hash password with the original password. Another function, password_hash() is used to generate the hash value based on the hashing algorithm, cost, and salt value. The password_verify() function contains all hashing information to verify the hash with the password.
Yes, if you hash the same input with the same function, you will always get the same result. This follows from the fact that it is a hash-function.
password_hash() creates a new password hash using a strong one-way hashing algorithm. The following algorithms are currently supported: PASSWORD_DEFAULT - Use the bcrypt algorithm (default as of PHP 5.5. 0). Note that this constant is designed to change over time as new and stronger algorithms are added to PHP.
Yes to both questions, with a couple of caveats:
Bcrypt truncates after 72 characters. While this doesn't degrade security in any practical way, it still leaves a bad taste in some peoples' mouths. People typically work around this by passing it through a hash function like so (please read the second caveat!):
password_hash(hash('sha512', $_POST['password'], true), PASSWORD_DEFAULT);
password_verify(hash('sha512', $_POST['password'], true), $storedHash);
Bcrypt breaks on NUL bytes, which means that if the SHA512 hash of your password begins with 00, an attacker cracking the hashes will see it as the bcrypt hash of an empty string.
If you want to accept passwords longer than 72 characters without silent truncation, do what we did in password_lock: base-64 encode the raw hash output during hashing AND verification.
(The authenticated encryption of the password hash that password_lock performs is optional, and only increases security if your database is on separate hardware from the webserver.)
But if you're just accepting user's passwords, bcrypt is fine. Most people's 72 character passwords are unbreakable anyway.
75
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
