Password hashing SHA? MD5?

mrhinman

I currently use MD5 to has individual usernames for access to their particular portion on a mysql table.

I realize that MD5 has been exploited and want to go to the next level. I've heard of SHA-* and wonder what the best is to use and if they are implemented in the same way that MD5 is (such as SHA-512(str)).

Any help would be appreciated. Not many web articles on SHA-512.

HP400

The higher the better. Right now the best SHA1 in PHP is better than MD5 as of now because it produces a 160bit encryption vs MD5's 128bit. I believe thats right and correct me if its the opposite. So unless you have a custom SHA-512 then SHA1 is the best available built into PHP.

laserlight

I realize that MD5 has been exploited and want to go to the next level. I've heard of SHA-* and wonder what the best is to use and if they are implemented in the same way that MD5 is (such as SHA-512(str)).

The attacks on MD5 (and SHA1) are collision attacks, and hence do not affect the way you use the cryptographic hash functions.

However, the advantage that SHA1 has over MD5 here would be that it takes longer to generate rainbow tables for SHA1 than MD5.

MarkR

I recommend that you store the passwords in the database unencrypted.

The only way that someone could obtain them is if they somehow got hold of the database, which cannot happen unless there is some other security vulnerability- which would probably allow the application to be compromised anyway.

Mark

laserlight

I recommend that you store the passwords in the database unencrypted.

The only way that someone could obtain them is if they somehow got hold of the database, which cannot happen unless there is some other security vulnerability- which would probably allow the application to be compromised anyway.

I disagree, mainly because of the tendency for people to reuse passwords, even when advised otherwise. Granted, for an attacker to use passwords from users of a breached system to gain access to another system would take a rare coincidence, but if the passwords are hashed, this simply cannot happen.

MarkR

Do not assume that these hashed passwords can't be attacked- dictionary attacks are pretty easy. Besides which, storing the passwords in plaintext makes sending the user their password by email much easier (i.e. possible).

Mark

laserlight

Do not assume that these hashed passwords can't be attacked- dictionary attacks are pretty easy.

Use a salt, of course. The attacker doesnt just have to find a preimage, but find the preimage that is the original password.

storing the passwords in plaintext makes sending the user their password by email much easier (i.e. possible).

That's true, but password retrieval isnt a must since there's the option of setting it to a random password on confirmation of a lost password request.

mrhinman

Thanks for all the replies. I chose SHA1 for the time being, and it works okay so far. I had to do some research on implementing it as I haven't done it before.

MarkR had a good point about database security. BUT - nothing is invulnerable.

I'm pretty certain that what I'm doing now will suffice, with one exception. I haven't quite figured out how to do a "three-strikes-you're-out" login page.

laserlight

I chose SHA1 for the time being, and it works okay so far. I had to do some research on implementing it as I haven't done it before.

Remember to use a salt, preferably a different salt for each password. This would be a string of several (perhaps half a dozen) characters concatenated with the message to be hashed (or concatenated to the message hashed, the result of which is then hashed).