Question

PHP 5.5 will support the password functions password_hash() and password_verify(). Also there is a file to add these functions in >5.3.7.

My problem is that I am currently running the debian package 5.3.3-7+squeeze14.

Is there a way to make this function available with this old PHP version?


Solution

So, before I get started, let me make one thing clear. I am the author of the library in question (and the patch for 5.5).

With that said, what the others have mentioned is absolutely correct. The reason that 5.3.7 is the minimum version is that all versions prior have a bug in the bcrypt implementation that can lead to entropy loss in passwords using high-byte characters (code points >= 128).

That's the main reason for 5.3.7 being the minimum version. And I would highly suggest upgrading to at least 5.3.7, but preferably latest (a number of significant security issues have been found in not-so-old versions).

Now, what can you do if you're stuck on a lower version? You could fork the library and adjust $2y$ to $2a$. That will at least get you to work. Passwords generated in this manner will be portable with future versions (the library is designed to be able to verify older crypt() passwords).

However, I would recommend that you do not do this. Just upgrade to a newer version of PHP. It's not that hard (there are deb packages from dotdeb that can do it for you).

If you really are stuck on an older version, I would suggest that you use a library that's designed for this. Something like my PasswordLib or PhPass (Note that you should only use that linked version of the library, there are several others on github that are drastically different).

Other tips

The reason that 5.3.7 was made the minimum version is due to the fact that the crypt() function using bcrypt in earlier versions of PHP outputs wildly different results to current versions.

You can see the result for yourself: http://3v4l.org/3cAZf

Using the following code:

<?php
var_dump(crypt('rasmuslerdorf', '$2y$07$usesomesillystringforsalt$'));

Output for 5.3.7 - 5.3.16, 5.4.0 - 5.4.6

string(60) "$2y$07$usesomesillystringfore2uDLvp1Ii2e./U9C8sBjqp8I90dH6hi"

Output for 4.3.0 - 4.3.11, 4.4.0 - 4.4.9, 5.0.0 - 5.0.5, 5.1.0 - 5.1.6, 5.2.0 - 5.2.17, 5.3.2 - 5.3.6

string(13) "$25di0cl7EYZA"

Output for 5.3.0 - 5.3.1

string(13) "$2v4FKr10WzJ2"

PHP >= 5.3.7 is required because the fixed bcrypt algorithm 2y was included in that version. The previous 2a algorithm was broken for passwords with bytes outside the US-ASCII range.

There is a good chance that your 5.3.3-7+squeeze14 version also includes this fix. Distributions commonly stay at some specific version, but backport security fixes (like this one).

So you should just check if that algorithm is available and if it is you can safely use password_compat.

The changelog for the package is a bit unclear. It mentions that 2x was added, but does not say whether 2y was added too (but it probably was).
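A concrete way to run the check suggested above, as an added example that is not part of any of the answers or of the password_compat library itself: call crypt() with the `$2y$` test vector shown on this page and see whether the build produces the expected 60-character bcrypt hash, and only then load the compat library. The location of `password_compat/lib/password.php` is an assumption for this example.

```php
<?php
// Added example (not from the original answers): probe whether this PHP
// build's crypt() understands the fixed "$2y$" bcrypt identifier before
// relying on password_compat. The test vector is the one from the 3v4l run
// quoted above (password 'rasmuslerdorf', cost 07).

/**
 * Returns true when crypt() produces the expected 60-character bcrypt hash
 * for a known password/salt pair, i.e. when the "$2y$" scheme is available.
 */
function bcrypt_2y_supported()
{
    $salt     = '$2y$07$usesomesillystringforsalt$';
    $expected = '$2y$07$usesomesillystringfore2uDLvp1Ii2e./U9C8sBjqp8I90dH6hi';

    $hash = crypt('rasmuslerdorf', $salt);

    // Builds that do not recognise "$2y$" fall through to standard DES and
    // return a 13-character string (the "$25di0cl7EYZA" shown above), while
    // newer builds return a short "*0"/"*1" failure marker. Either way the
    // length is wrong, so reject before comparing the actual value.
    if (!is_string($hash) || strlen($hash) !== 60) {
        return false;
    }
    return $hash === $expected;
}

// Guard: only load the compat library when the algorithm it depends on is
// present. The path below is an assumption for this example; adjust it to
// wherever you placed the library.
if (bcrypt_2y_supported()) {
    require_once __DIR__ . '/password_compat/lib/password.php';

    $stored = password_hash('correct horse battery staple', PASSWORD_BCRYPT, array('cost' => 10));
    var_dump(password_verify('correct horse battery staple', $stored));
    var_dump(password_verify('wrong password', $stored));
} else {
    fwrite(STDERR, "crypt() lacks \$2y\$ bcrypt: upgrade PHP to >= 5.3.7 instead of patching the library to \$2a\$.\n");
    exit(1);
}
```

The check deliberately compares against a fixed known-answer vector rather than just testing `CRYPT_BLOWFISH === 1`: a distribution build can advertise Blowfish support while still shipping the pre-5.3.7 behaviour without `$2y$`, and a wrong-length result is exactly the DES fallback the second answer illustrates.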

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow