Newsgroups: php.internals
Subject: Re: [PHP-DEV] Adding a simple API for secure password hashing?
From: thruska@cubiclesoft.com (Thomas Hruska)
To: PHP Development
Date: Wed, 13 Jun 2012 21:02:16 -0700
Message-ID: <4FD96248.2040506@cubiclesoft.com>

On 6/13/2012 2:31 PM, Nikita Popov wrote:
> Hi internals!
>
> Recent incidents have shown that even very large websites still don't
> get how to do password hashing properly. The sha1 hashes used by
> Linkedin et al can be easily cracked even by amateurs without special
> hardware.
>
> What could be the reason for this? Why don't people use bcrypt? It is
> being recommended already for *years*, but still most people don't
> seem to make use of it.

The real problem is this: Writing a login system is a "rite of passage" for every web programmer and the majority of tutorials out there are using md5()/sha1() without salts. Get programmers using trusted, secure systems and we'll start seeing these problems vanish. This is a social engineering issue, not a technical one.

http://cubicspot.blogspot.com/2012/05/dear-web-developers-stop-making-login.html

> I think the reason is that it is incredibly hard to use crypt()
> correctly, mainly for the following reasons:
>
> * For many people the syntax is hard to grasp. The hashing algorithm
> is specified as the salt parameter, which is somewhat non-obvious (at
> least for me).
> * The fact that you verify a password using $hash == crypt($password,
> $hash) is equally non-obvious.
> * Generating correct salts for bcrypt is quite complicated. It is
> encoded in some strange base64 format, thus requiring an additional
> function to create it. Additionally it isn't particularly easy to
> fetch the random bytes for the salt as you have to check several
> possibilities for a cross-platform solution (mcrypt initialization
> vector, openssl, /dev/*random, mt_rand etc).

You forgot:

* Prior to PHP 5.3.x, certain key algorithms for bcrypt support were not necessarily available in crypt().
* Some people are not a fan of the output of crypt() or the lack of input controls.

Other thoughts: mt_rand() does not qualify as random. If you need random bytes, consider using CSPRNG (http://barebonescms.com/documentation/csprng/).

-- 
Thomas Hruska
CubicleSoft President

Barebones CMS is a high-performance, open source content management system for web developers operating in a team environment. An open source CubicleSoft initiative. Your choice of a MIT or LGPL license.

http://barebonescms.com/
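The three pain points Nikita lists (algorithm selected through the salt parameter, verification by re-hashing, and the bcrypt-specific salt alphabet) and Thomas's point about mt_rand() are easier to see in code. The following is an added example written for this archive page, not code from either poster, from Barebones CMS or from PHP itself. It assumes PHP 7 or later so that random_bytes() (a CSPRNG) and hash_equals() are available; the helper names bcrypt_salt, bcrypt_hash and bcrypt_verify are this example's own. The simple API this thread led to, password_hash()/password_verify() in PHP 5.5, wraps exactly these steps.

```php
<?php
// Added example: doing bcrypt through crypt() correctly, so the non-obvious
// parts the thread complains about are visible in one place.
// Assumes PHP >= 7.0 (random_bytes, hash_equals). Helper names are this
// example's own, not a PHP or project API.

// bcrypt salts are 22 characters drawn from ./A-Za-z0-9, which is not the
// standard base64 alphabet: the '+' produced by base64_encode() is invalid
// and has to be remapped. 16 random bytes give 24 base64 chars; 22 are used.
function bcrypt_salt(int $cost = 12): string
{
    if ($cost < 4 || $cost > 31) {
        throw new InvalidArgumentException('bcrypt cost must be in the range 04..31');
    }
    // random_bytes() is a CSPRNG; mt_rand() is a Mersenne Twister and is
    // not acceptable as a source of salt material.
    $raw = random_bytes(16);
    $b64 = substr(strtr(base64_encode($raw), '+', '.'), 0, 22);
    // The algorithm is chosen by the salt prefix: "$2y$" selects bcrypt
    // (the corrected variant available from PHP 5.3.7), then a 2-digit cost.
    return sprintf('$2y$%02d$%s', $cost, $b64);
}

function bcrypt_hash(string $password, int $cost = 12): string
{
    // Note: bcrypt only processes the first 72 bytes of the password.
    $hash = crypt($password, bcrypt_salt($cost));
    // crypt() does not throw on failure; it returns a short string such as
    // "*0" or "*1". A real bcrypt hash is always 60 characters long.
    if (strlen($hash) !== 60) {
        throw new RuntimeException('bcrypt is not available in this PHP build');
    }
    return $hash;
}

function bcrypt_verify(string $password, string $hash): bool
{
    // Verification is "re-hash with the stored hash as the salt parameter":
    // crypt() reads the algorithm, cost and salt back out of the prefix.
    // Compare with hash_equals() rather than == to avoid a timing side
    // channel and PHP's loose-comparison surprises.
    return hash_equals($hash, crypt($password, $hash));
}

// Usage: store $stored in the user table, never the password itself.
$stored = bcrypt_hash('correct horse battery staple');
if (!bcrypt_verify('correct horse battery staple', $stored)) {
    throw new LogicException('correct password was rejected');
}
if (bcrypt_verify('some other password', $stored)) {
    throw new LogicException('wrong password was accepted');
}
echo $stored, PHP_EOL;
```

Each call produces a different hash because the salt is fresh, which is the whole point of the salt; the cost parameter is what makes the hash slow to brute-force and should be raised over time as hardware improves.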