[nycphp-talk] Thoughts on encryption

Chris Snyder chsnyder at gmail.com
Thu May 6 14:08:29 EDT 2010


On Thu, May 6, 2010 at 1:15 PM, Anthony Papillion <papillion at gmail.com> wrote:
> So I've used encryption on a personal level and even on the server
> through SSL but I've not done much more in PHP than using either the
> MD5() or SHA1() functions on passwords. I tend to be a very paranoid
> type with user information and I'm constantly thinking about
> weaknesses in systems and how they could be exploited.
>
> My initial encryption method was to either md5 or SHA1 passwords, and
> stick them in the database. While I know it's difficult to 'reverse
> the sausage machine' on these encrypted strings, it's not impossible.
> An attacker could determine an MD5 or SHA1 password through a simple
> dictionary attack. So, in essence, the encryption is useless.
>
> My current method is to concatenate the username+password+username and
> then either MD5 or SHA1 that and store that as the password in the
> database. But, really, is this any more secure to a sophisticated,
> thinking attacker? Certainly, if I could think of it, they could, and
> it would again be trivial to write a script to execute a simple
> dictionary attack and figure out the password.
>
> I also know there are many other encryption methods out there but,
> isn't it true that *all* of them are compromisable by that simple
> manner or am I missing something critical here? Perhaps the only way
> to mitigate the risk is to institute a 3 strikes policy (which pisses
> users off but is secure) and to then change the user's password to some
> absolutely random 50 digit gobbledygook string of characters.
>
> Am I being overly paranoid here or are these valid concerns?  Am I
> simply missing something?
>
> Thanks!
> Anthony
>

Standard practice is to add a salt before hashing the password so
that dictionary attacks don't work. The salt could be the userid, the
creation time of the record, or some other variable piece of
information that the system will always be able to find when
authenticating the user. The salt should ideally be unique to your
system.

So your sha( $username . $password ) approach is fine, though sha(
$createdtime . $password ) would be even better -- the user might use
the same username and password in other systems, which would make the
hash identical, and could make the password easier to guess.

If you're designing the system now, sha-256 is probably a good idea.
md5 and sha-1 are considered broken in some circles, though not so
much that you would force an upgrade to an existing system.

Always use a one-way hash. Always use a variable salt that is unique
to your system. You are not being overly paranoid. ;-)
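The two points made in this exchange, as an added example that is not code from the original thread: first, why a bare md5()/sha1() of the password (Anthony's first scheme) falls to a precomputed dictionary, and second, the salted one-way scheme Chris describes, here as a random per-record salt stored beside a sha-256 hash. The word list, the user records and the column names ("salt", "hash") are constructed for the demo; the same algorithm is used on both sides so that the comparison isolates the effect of the salt.

```php
<?php
// Added example (not from the original thread). Demonstrates a precomputed
// dictionary against unsalted hashes, and a per-record salted sha-256 scheme
// in the spirit of the reply above. All sample data below is constructed.

declare(strict_types=1);

/** Constructed mini word list standing in for an attacker's dictionary. */
const DICTIONARY = ['password', 'letmein', 'qwerty', 'correct horse', 'admin123'];

/**
 * The attacker's one-off precomputation: hash every dictionary word once and
 * index by the hex digest. Any stolen unsalted hash is then "reversed" by a
 * single array lookup rather than by guessing.
 */
function build_lookup(array $words, string $algo): array
{
    $table = [];
    foreach ($words as $word) {
        $table[hash($algo, $word)] = $word;
    }
    return $table;
}

/** Recover the plaintext behind an unsalted stored hash, or null if not in the table. */
function crack_unsalted(string $storedHex, array $lookup): ?string
{
    return $lookup[$storedHex] ?? null;
}

/**
 * Salted scheme: 16 random bytes per record (random_bytes() is PHP >= 7.0),
 * stored next to the digest. Hex encoding is an assumption for a text column.
 * Two users with the same password get different salts, hence different hashes,
 * and a table precomputed without the salt matches neither.
 */
function make_password_record(string $password, string $algo = 'sha256'): array
{
    $salt = random_bytes(16);
    $hash = hash($algo, $salt . $password, true); // raw binary digest
    return ['salt' => bin2hex($salt), 'hash' => bin2hex($hash), 'algo' => $algo];
}

/** Verify with hash_equals() so the comparison time does not depend on matching prefixes. */
function verify_password(string $password, array $record): bool
{
    $salt     = hex2bin($record['salt']);
    $expected = hex2bin($record['hash']);
    $actual   = hash($record['algo'], $salt . $password, true);
    return hash_equals($expected, $actual);
}

// --- Demonstration on the constructed data ---
$lookup = build_lookup(DICTIONARY, 'sha256');

// Unsalted: the stolen hash of a dictionary word is recovered by one lookup.
$stolenUnsalted = hash('sha256', 'letmein');
printf("unsalted hash recovered as: %s\n", crack_unsalted($stolenUnsalted, $lookup) ?? '(not in dictionary)');

// Salted: same password for two users, different salts, so the precomputed
// table is useless and the attacker must redo the dictionary per stolen salt.
$alice = make_password_record('letmein');
$bob   = make_password_record('letmein');
printf("alice and bob share a hash: %s\n", $alice['hash'] === $bob['hash'] ? 'yes' : 'no');
printf("alice's salted hash in the precomputed table: %s\n", crack_unsalted($alice['hash'], $lookup) ?? 'no');

// Normal login path.
printf("alice, correct password: %s\n", verify_password('letmein', $alice) ? 'accepted' : 'rejected');
printf("alice, wrong password:   %s\n", verify_password('qwerty', $alice) ? 'accepted' : 'rejected');
```

One caveat for anyone reading this archive today: a per-record salt defeats a shared precomputed table, but a single round of a fast hash such as sha-256 still lets an attacker who holds the salt run a dictionary against that one user at hardware speed. Since PHP 5.5 the language ships password_hash() and password_verify(), which generate the random salt, store it inside the returned string, and apply a deliberately slow algorithm (bcrypt by default, Argon2id where the build supports it) with a tunable cost; that pair is the drop-in replacement for the hand-rolled scheme above.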
