I have a PHP application that has a somewhat decent userbase. Now unfortunately, it has been using sha1($password . $salt) all these years and I really want to ditch that in favor of bcrypt. I have found some nice ways of getting a Blowfish hash, but I am still unsure about the conversion approach that I should use. Here are my options:
1. Every time a user logs in, I check if the hash starts with $2. If not, I assume it is sha1, take the password entered by the user, get the bcrypt hash for it and replace the old hash in the database.
2. I replace my auth class to do this (bcrypt over the existing sha1 digest, so the conversion needs no plaintext):
   $hash = password_hash(sha1($password . $salt), PASSWORD_BCRYPT);
   That way, conversion is quicker.
But honestly, I don't really like either of the options. Both suggest that I still keep a legacy check in the codebase which I want to get rid of.
Any suggestions which of the above two are better from a coding standards point of view? Or does someone have a better solution?
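Both options from the question, written out as an added example (this is not the asker's code). The in-memory `$users` array, the `scheme` column, the cost of 12 and the sample rows are assumptions standing in for the real database; everything else is the standard PHP password API.

```php
<?php
// Added example, not the asker's code. $users, the 'scheme' column and the
// sample rows are constructed; BCRYPT_COST is an assumed tuning value.

const BCRYPT_COST = 12;

// Constructed rows. 'scheme' records the row layout: 'sha1' (legacy),
// 'bcrypt' (native), or 'bcrypt(sha1)' (option 2: bcrypt over the old digest).
$legacySalt = 'constructed-salt-value';
$users = [
    'alice' => ['scheme' => 'sha1', 'salt' => $legacySalt,
                'hash' => sha1('correct horse' . $legacySalt)],
    'bob'   => ['scheme' => 'bcrypt', 'salt' => null,
                'hash' => password_hash('battery staple', PASSWORD_BCRYPT, ['cost' => BCRYPT_COST])],
];

// Option 2, the eager step: wrap every legacy sha1 digest in bcrypt now, offline,
// without the plaintext. After this no bare sha1 digest remains in the table and
// the 'sha1' branch below can be deleted.
function wrapLegacyRows(array &$users): void {
    foreach ($users as &$row) {
        if ($row['scheme'] === 'sha1') {
            $row['hash']   = password_hash($row['hash'], PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
            $row['scheme'] = 'bcrypt(sha1)';
        }
    }
    unset($row);
}

// Option 1's lazy upgrade: verify against whichever layout the row is in and,
// once the plaintext has been confirmed, collapse the row to native bcrypt.
function loginAndUpgrade(array &$users, string $username, string $password): bool {
    if (!isset($users[$username])) {
        return false;
    }
    $row = &$users[$username];

    switch ($row['scheme']) {
        case 'sha1':          // untouched legacy row
            $ok = hash_equals($row['hash'], sha1($password . $row['salt']));
            break;
        case 'bcrypt(sha1)':  // option 2 row: bcrypt over the legacy digest
            $ok = password_verify(sha1($password . $row['salt']), $row['hash']);
            break;
        case 'bcrypt':
            $ok = password_verify($password, $row['hash']);
            break;
        default:
            $ok = false;
    }
    if (!$ok) {
        return false;
    }

    if ($row['scheme'] !== 'bcrypt') {
        $row['hash']   = password_hash($password, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
        $row['scheme'] = 'bcrypt';
        $row['salt']   = null;   // bcrypt carries its own salt inside the hash string
    }
    return true;
}

function check(bool $cond, string $what): void {
    if (!$cond) {
        throw new RuntimeException("unexpected: $what");
    }
}

// Walk-through on the constructed rows.
wrapLegacyRows($users);
check($users['alice']['scheme'] === 'bcrypt(sha1)', 'alice wrapped');
check(loginAndUpgrade($users, 'alice', 'wrong password') === false, 'wrong password rejected');
check(loginAndUpgrade($users, 'alice', 'correct horse') === true, 'alice logs in');
check($users['alice']['scheme'] === 'bcrypt', 'alice collapsed to native bcrypt');
check(loginAndUpgrade($users, 'bob', 'battery staple') === true, 'bob logs in');
echo "migration walk-through passed\n";
```

Run it once as a script. The `wrapLegacyRows()` pass removes the weakest layout immediately, so only the `bcrypt(sha1)` branch has to survive until every active user has logged in once; rows that never log in again can be expired rather than kept in the legacy layout forever.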
You cannot change a SHA1 certificate into a SHA256. The cryptographic hash (SHA1 or SHA256) used when a certificate is generated cannot be changed.
Yes, bcrypt has many savvy supporters, though of course you want to tune the number of iterations with performance and tune other defenses with DoS attacks in mind. See also How to securely hash passwords? - IT Security and Password Hashing add salt + pepper or is salt enough?
The takeaway is this: bcrypt is a secure algorithm but remember that it caps passwords at 72 bytes. You can either check if the passwords are the proper size, or opt to switch to argon2, where you'll have to set a password size limit.
BCrypt Algorithm is used to hash and salt passwords securely. BCrypt permits building a password security stage that can advance nearby hardware innovation to guard against dangers or threats in the long run, like attackers having the computing power to guess passwords twice as quickly.
Every password-storing system must have the option to switch to a better hash algorithm; your problem is not a one-time migration problem as you may think. Good password hash algorithms like BCrypt have a cost factor, and from time to time you have to increase this cost factor (because of faster hardware), so then you need the same procedure as you need for the migration.
Your Option1 is a convenient approach, as long as the hashes are not terribly unsafe (unsalted or very weak algorithm). In PHP's new password API, you will even have a function password_needs_rehash() to determine whether an update is necessary.
I would recommend letting the fallback stay in the code; you will spare your customers the hassle of confronting their users with an invalid password. As a user I don't like emails that demand I click a link and reenter my password; users are taught to ignore such emails because of phishing. As said before, such fallbacks in the code are not bad, they are a necessary step to get safe password handling.
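The cost-factor upgrade this answer describes, and the 72-byte bcrypt limit raised in an earlier answer, as one added example (not the answerer's code). `TARGET_COST`, the old cost of 10 and the sample password are assumptions; `password_needs_rehash()` and `password_get_info()` are the real PHP functions.

```php
<?php
// Added example, not the answerer's code. TARGET_COST and the sample values are
// assumptions; the functions used are PHP's built-in password API.

// Cost the application currently targets; raise it when hardware gets faster.
const TARGET_COST = 12;

// bcrypt uses only the first 72 bytes of the input, so a longer password would
// silently verify on its prefix. Reject it up front (strlen counts bytes).
function checkPasswordLength(string $password): void {
    if (strlen($password) > 72) {
        throw new InvalidArgumentException("password exceeds bcrypt's 72-byte limit");
    }
}

// Verify, then re-hash when the stored hash was produced with a different cost
// (or algorithm) than the current target. Returns the hash to store, or null on
// a failed login; the caller writes it back only when it changed.
function verifyAndMaybeRehash(string $password, string $storedHash): ?string {
    checkPasswordLength($password);
    if (!password_verify($password, $storedHash)) {
        return null;
    }
    if (password_needs_rehash($storedHash, PASSWORD_BCRYPT, ['cost' => TARGET_COST])) {
        return password_hash($password, PASSWORD_BCRYPT, ['cost' => TARGET_COST]);
    }
    return $storedHash;
}

// Constructed row hashed under an older, cheaper cost.
$old = password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => 10]);
$new = verifyAndMaybeRehash('correct horse', $old);
if ($new === null) {
    throw new RuntimeException('login unexpectedly failed');
}

// password_get_info() reads the cost back out of the hash string itself.
printf("stored cost %d, after login %d\n",
    password_get_info($old)['options']['cost'],
    password_get_info($new)['options']['cost']);

// A second login with the upgraded hash should leave it untouched.
printf("second login keeps hash: %s\n",
    verifyAndMaybeRehash('correct horse', $new) === $new ? 'yes' : 'no');

// And an over-long password is refused rather than truncated.
try {
    verifyAndMaybeRehash(str_repeat('x', 73), $new);
    echo "over-long password was accepted\n";
} catch (InvalidArgumentException $e) {
    echo "over-long password rejected: {$e->getMessage()}\n";
}
```

Because `password_needs_rehash()` compares the algorithm and options encoded in the stored string against the ones you pass, raising `TARGET_COST` is the whole change: the next successful login of each user quietly replaces their hash, with no reset email required.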