Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:86124 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 61518 invoked from network); 6 May 2015 14:00:31 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 6 May 2015 14:00:31 -0000 Authentication-Results: pb1.pair.com smtp.mail=nikita.ppv@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=nikita.ppv@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.212.177 as permitted sender) X-PHP-List-Original-Sender: nikita.ppv@gmail.com X-Host-Fingerprint: 209.85.212.177 mail-wi0-f177.google.com Received: from [209.85.212.177] ([209.85.212.177:38820] helo=mail-wi0-f177.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 5B/20-59497-D7E1A455 for ; Wed, 06 May 2015 10:00:30 -0400 Received: by wiun10 with SMTP id n10so23591882wiu.1 for ; Wed, 06 May 2015 07:00:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=xD0ujQ7hnNAh3wXhjnJMdtC5boUMvsGWpm24Rr4I6A0=; b=K+ChIYuJNxTigqwIJA/P5Cq3H18tEOcFDw/LMhwHRvQPaka+CfffZJu4ipR89b/7aG isR6uI3pjKcUcRjc1mvkEEfKiCgfzov/ebIfgAC7ZxnFHH+bR8/WDpx6y5xGZ2YQHSul dkM7ScAStQ2xog9gm6iykZpfRS+HUcA25q3tMggAjsd0RJMhotljTeDuNUL052qSW8Xd 1uVUAo8fJUZAeaTw67HVYQoCv6rgW8k/QQzECIKVj5FrCWuqcsmiOWkKzlaun7xZLa6l YskNXYNf65UL3tImRgFwr9wEp7SrKFROwtI1BRyog8IVuPg5VJSK7Q2Z6BZW53ktdsZg HAxg== MIME-Version: 1.0 X-Received: by 10.194.82.38 with SMTP id f6mr59702363wjy.16.1430920826993; Wed, 06 May 2015 07:00:26 -0700 (PDT) Received: by 10.27.86.133 with HTTP; Wed, 6 May 2015 07:00:26 -0700 (PDT) In-Reply-To: <554929FC.1010807@gmx.de> References: <554929FC.1010807@gmx.de> Date: Wed, 6 May 2015 16:00:26 +0200 Message-ID: To: Christoph Becker Cc: PHP internals Content-Type: multipart/alternative; boundary=047d7bf0bfc29841b705156a379f Subject: Re: [PHP-DEV] password_hash() best practices From: nikita.ppv@gmail.com (Nikita Popov) --047d7bf0bfc29841b705156a379f Content-Type: text/plain; charset=UTF-8 On Tue, May 5, 2015 at 10:37 PM, Christoph Becker wrote: > Hi everybody! > > In issue #64816[1] the OP suggests in the comment from [2015-05-05 04:34 > UTC] that hash_pbkdf2() should be recommended for advanced users, and > that password_hash() should use PBKDF2 with at least 128,000 rounds. > PBKDF2 is known to be weaker than bcrypt for the password hashing usage, as it is more amenable to implementation on GPUs etc. [1] You can find estimated hardware costs for PBKDF2 / bcrypt / scrypt with different settings in the script paper [2, p.14]. PBKDF2 is only stronger than bcrypt for passwords longer than 72 characters. Note that the scrypt paper assumes a maximum length of 55 characters, which means the results in the last column are likely not representing bcrypt correctly. The primary reason why PBKDF2 is preferable in some contexts (e.g. government contracts) is that it is approved by NIST in SP 800-132 [3], although there is some disagreement as to whether this recommendation even applies for use as a password hashing function, as opposed to usage as a KDF. It should be further noted that there is no standardized crypt() format for PBKDF2 and password_hash() is a crypt-compatible API. As such supporting PBKDF2 there would be very problematic. We do already support it in the form of hash_pbkdf2() and people who wish to use this method (e.g. due to legal restrictions) can use it through this API - I don't see a reason to have it in password_hash(), which should only support the recommended default use case. Nikita [1]: http://security.stackexchange.com/questions/4781/do-any-security-experts-recommend-bcrypt-for-password-storage [2]: https://www.tarsnap.com/scrypt/scrypt.pdf [3]: http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf --047d7bf0bfc29841b705156a379f--