Newsgroups: php.internals
Xref: news.php.net php.internals:60827
Message-ID: <4FD9F30F.5060304@cubiclesoft.com>
Date: Thu, 14 Jun 2012 07:19:59 -0700
From: thruska@cubiclesoft.com (Thomas Hruska)
To: PHP Development
Subject: Re: [PHP-DEV] Adding a simple API for secure password hashing?

On 6/14/2012 6:11 AM, Anthony Ferrara wrote:
> Daniel,
>
>> Stas has the right approach, not only should the methods be simplified and
>> platform/algorithm agnostic but have a proper salt built in (there are a
>> few CSPRNG implementations around), I've seen salts used from numbers to
>> md5's to just being skipped altogether.
>
> Well, just to be clear, a salt does not need a CSPRNG.
> All it needs to be is reasonably unique. In fact, I wouldn't make it CS, as
> that would deplete the available entropy in the system for CSPRNG generation.
>
> So in practice, a normal PRNG will suffice. With that said, mt_rand()
> is not enough. It should be a moderately good PRNG. It just doesn't
> need to be CS. If mcrypt is available, DEV_URANDOM would be a good
> place to get entropy.
>
> Or, we could implement a system like I did in
> https://github.com/ircmaxell/PHP-CryptLib/tree/master/lib/CryptLib/Random
> that follows RFC4086: http://tools.ietf.org/html/rfc4086#section-5.2
> Where it mixes together several sources of weak and moderate strength
> PRNG...

This: http://barebonescms.com/documentation/csprng/ takes a different
approach. Generate one or more stored root seeds and then use those seeds
to generate as much data as is needed without risking loss of entropy. It
also accepts extra entropy sources as input - even weak sources such as an
incrementing integer or serialized user-submitted data - to further enhance
the output.

Adding more random sources of information to PHP is a good thing. If
something like what is being discussed is developed, it will merely become
one more source for root seed generation. The more the merrier. Good
sources of entropy are hard to come by.

One thing I would like to recommend is to add to the documentation that
certain functions are inappropriate for specific use cases and recommend
alternative solutions. A lot of people out there think rand() and mt_rand()
are suitable for security. Maybe have a specific page in the PHP
documentation dedicated to covering random string and number generation and
link to that page from various function pages.

-- 
Thomas Hruska
CubicleSoft President

Barebones CMS is a high-performance, open source content management system
for web developers operating in a team environment. An open source
CubicleSoft initiative. Your choice of an MIT or LGPL license.

http://barebonescms.com/
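The stored-root-seed design described above (one seed expanded into arbitrary output, with weak extra inputs mixed in) is, in the abstract, a deterministic random bit generator. The following is an added example and is not the Barebones CMS CSPRNG or PHP-CryptLib code: it implements that idea as an HMAC_DRBG in the style of NIST SP 800-90A with HMAC-SHA256, in plain PHP. It assumes PHP 7.4 or later (random_bytes(), typed properties); the class name, the RESEED_INTERVAL value and the demo inputs are this example's own choices, not anything from the post or the library. The mt_rand() function at the end illustrates the documentation point about seeded PRNGs: a 32-bit seed fully determines its output.

```php
<?php
declare(strict_types=1);

// Added example (not Barebones CMS or PHP-CryptLib code): a stored-root-seed
// generator built as an HMAC_DRBG (NIST SP 800-90A, HMAC-SHA256). One root seed
// is expanded into as much output as needed; weak extra inputs (a counter,
// serialized request data) can be mixed in without weakening the state.
// Assumes PHP >= 7.4. Names and constants here are this example's own.
final class SeededGenerator
{
    private const RESEED_INTERVAL = 10000; // generate() calls before a forced OS reseed

    private string $key;
    private string $v;
    private int $calls = 0;

    public function __construct(string $rootSeed, string $personalization = '')
    {
        if (strlen($rootSeed) < 32) {
            throw new InvalidArgumentException('root seed must be at least 32 bytes');
        }
        // HMAC_DRBG instantiate: fixed initial (K, V), then absorb the seed material.
        $this->key = str_repeat("\x00", 32);
        $this->v   = str_repeat("\x01", 32);
        $this->update($rootSeed . $personalization);
    }

    // A fresh root seed from the OS CSPRNG. If it is to be reused across
    // requests, store it outside the web root with restrictive permissions.
    public static function newRootSeed(): string
    {
        return random_bytes(32);
    }

    // HMAC_DRBG "Update": fold provided data into (K, V). Every step is an HMAC
    // keyed by the current K, so attacker-chosen data cannot remove entropy
    // already in the state; it can only add to it.
    private function update(string $providedData): void
    {
        $this->key = hash_hmac('sha256', $this->v . "\x00" . $providedData, $this->key, true);
        $this->v   = hash_hmac('sha256', $this->v, $this->key, true);
        if ($providedData === '') {
            return;
        }
        $this->key = hash_hmac('sha256', $this->v . "\x01" . $providedData, $this->key, true);
        $this->v   = hash_hmac('sha256', $this->v, $this->key, true);
    }

    // Mix extra entropy into the state (reseed). Weak sources are acceptable here.
    public function addEntropy(string $data): void
    {
        $this->update($data);
        $this->calls = 0;
    }

    // Produce $length bytes; optional additional input is mixed in before and
    // after generation, as HMAC_DRBG specifies.
    public function generate(int $length, string $additionalInput = ''): string
    {
        if ($length < 1) {
            throw new InvalidArgumentException('length must be positive');
        }
        if ($this->calls >= self::RESEED_INTERVAL) {
            $this->addEntropy(random_bytes(32));
        }
        if ($additionalInput !== '') {
            $this->update($additionalInput);
        }
        $out = '';
        while (strlen($out) < $length) {
            $this->v = hash_hmac('sha256', $this->v, $this->key, true);
            $out .= $this->v;
        }
        $this->update($additionalInput); // old output is not recoverable from the new state
        $this->calls++;
        return substr($out, 0, $length);
    }

    // Hex salt/token helper, e.g. for storing beside a hash.
    public function hexToken(int $bytes = 16, string $additionalInput = ''): string
    {
        return bin2hex($this->generate($bytes, $additionalInput));
    }
}

// Contrast: mt_rand() output is entirely determined by its 32-bit seed.
function mtRandIsReproducible(int $seed): bool
{
    mt_srand($seed);
    $a = [mt_rand(), mt_rand(), mt_rand()];
    mt_srand($seed);
    $b = [mt_rand(), mt_rand(), mt_rand()];
    return $a === $b;
}

// Demo with constructed inputs.
$seed = SeededGenerator::newRootSeed();
$gen  = new SeededGenerator($seed, 'password-salts');
$gen->addEntropy('constructed weak extra input, e.g. serialize($_POST)');
$counter = 0;
$salt1 = $gen->hexToken(16, (string) ++$counter);
$salt2 = $gen->hexToken(16, (string) ++$counter);

// The same root seed and the same inputs replay the same stream: that is what
// lets a stored root seed stand in for repeated reads from the OS pool.
$replay = new SeededGenerator($seed, 'password-salts');
$replay->addEntropy('constructed weak extra input, e.g. serialize($_POST)');
$c = 0;
if ($replay->hexToken(16, (string) ++$c) !== $salt1 || $salt1 === $salt2) {
    throw new RuntimeException('unexpected generator behaviour');
}
echo "salt1: $salt1\nsalt2: $salt2\n";
echo 'mt_rand() with a known seed is reproducible: ', var_export(mtRandIsReproducible(12345), true), "\n";
```

Two practical notes. In PHP 7.0 and later password_hash() generates its own bcrypt salt and the salt option is deprecated, so a generator like this is for other secrets (session tokens, reset tokens, salts for custom KDFs), not for feeding password_hash(). And a replayable stream is only as secret as its root seed: the reproducibility the demo shows is a feature when the seed is protected and a total compromise when it is not, which is why the seed file, not the generator code, is the asset to guard.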