September 8th, 2013, 07:09 PM
If CRYPT_BLOWFISH not available
I understand crypt is not the best choice (vs password combat or php 5.5's built in).
Believe it or not I have a quesiton about crypt
Would it be correct to use automatic hash this in case CRYPT_BLOWFISH is not available ( < 5.3 ),
if(defined("CRYPT_BLOWFISH") && CRYPT_BLOWFISH)
$salt = '$2y$11$' . substr(md5(uniqid(rand(), true)), 0, 22);
return crypt($password, $salt);
(Before register I also need to add a part to make sure that generate_hash is not returning false.)
$stmt = $connection->prepare("INSERT INTO website_test_members (name, email, password) VALUES (:name, :email, :password)");
$stmt->execute(array(':name' => $name, ':email' => $email, ':password' => generate_hash($password)));
September 9th, 2013, 05:07 AM
iirc password compat checks if it is available or not and then falls back on something else which i cant remember now.
why not just use that and be done with all this fact finding missions
September 9th, 2013, 09:01 AM
no, this is not secure. Not even "secure enough". Even the bcrypt part is messed up -- twice, actually (the randomness source and the encoding). Didn't I tell you last time that you must not fumble with low-level cryptography? Didn't I tell you that the sitepoint tutorial is sh*t? And didn't I say that you need to update your PHP installation in case you're below 5.3.7?
Now we're back, and what you have is PHP 5.2 (or whatever) and a low-level function call copypastad from the sitepoint tutorial.
What should I conclude from this except that you don't really care about our advice? What do you expect from us, anyway? Do you just want somebody to approve this so that you have peace of mind? Sorry, I won't. If you're not willing to follow basic security rules (like keeping your stuff up to date), you're simply not secure.
Last edited by Jacques1; September 9th, 2013 at 09:08 AM.
September 9th, 2013, 01:32 PM
Jacques, maybe I'm missing it, but what's wrong with coming up with a very random salt and bcrypting for >2000 iterations? Is it cryptographically secure? Maybe not, but are you saying we need to worry about an attacker having low-level, realtime access to the machine as these passwords are being generated?
September 9th, 2013, 04:10 PM
First of all, this code throws away a large part of the salt by messing up the encoding: bcrypt supports a salt of 128 bits represented as a base64 encoded string of 22 characters (4 bits of the last base64 digit are being irgnored). The code uses 22 hex characters, which means each character only carries 4 bits. This reduces the salt to ~88 bits.
The output of uniqid(), mt_rand() etc. is not "very random". There's a whole collection of remote attacks against PHP "randomness" allowing people to predict future salts. The salt does not have to be cryptographically secure. But it must not be predictable, and the chance of a collisions must be low. Proper sources would be something like openssl_random_pseudo_bytes($size) or mcrypt_create_iv($size, MCRYPT_DEV_URANDOM) or /dev/urandom.
Stupid mistakes like this happen again and again and again. This is not just an unfortunate bug by some confused tutorial writer. I'm pretty sure he didn't even come up with the code himself. It's a mass phenomenon poisoning the "security" code of real-life application. And that's why we need to get the message out: Keep away from low-level functions unless you know exactly what you're doing. Security isn't the right domain for the usual "Let's copy some code we found on the Internet and fumble with it until we get the right output".
I know this probably sounds terribly condescending. But I've seen so many people fail (including myself) that it's really the only sensible conclusion I could think of.
Comments on this post
September 9th, 2013, 08:06 PM
Hi Jacques1 how are you?
Originally Posted by Jacques1
I don't see computers or code like you do. I didn't know what is an "email" until 2004. Am I in the wrong business? Probably yes but it's too late to get out I have too many transactions, too much money/people involved so I better learn this and enjoy it as well.
Do I like my situation? Now I do. I am learning, making $ and getting better slowly at the same time. Advice I get from here I archive and go through over and over till it makes sense. One step at a time for me.
$salt = '$2y$11$' . substr(md5(uniqid(rand(), true)), 0, 22); can take you a second to figure out but understanding whats behind md5 or uniqid or $2y$11$ in depth takes a little bit of time. While I am going through those I also need to keep the sites as secure as I can and the business going.
Not long ago I used to store passwords just as user posted them. No MD5, no SH1, no nothing. I have more understanding (I better have after 2000 posts in Devshed, right?).
No. I expect you to be cool & understanding as always and don't get frustrated. Every post you do makes a difference for a lot of people.
So my goal is to get really good at LAMP, hire you, fire you and hire paulh1983 because he has better social skills.
Originally Posted by Jacques1
Comments on this post