#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2012
    Posts
    32
    Rep Power
    2

    Using a salt value


    Hi,

    I've been reading up on using a salt value when creating a password to make it more secure, what I can't get my head round is how do you remember this salt value?

    I'm guessing that when a user logs in to be able to compare the password entered with the one in the database you would need to again add the salt value to the entered password.

    Am I missing something really obvious?

    Thanks in Advance
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2012
    Posts
    57
    Rep Power
    12
    Hi,

    I guess with "remember the value" you mean storing the value?

    Simply create a new column next to the password column. The salt does not have to be hidden or encrypted. But it does have to be unique, long enough and "random enough" (use openssl_random_pseudo_bytes(), for example, not rand() or something).

    If you're not absolutely sure what you're doing, then use a ready-made and tested library like phpass. There are a lot of things you can do wrong when implementing your own algorithm.

    Comments on this post

    • ptr2void agrees : phpass FTW
  4. #3
  5. Code Monkey V. 0.9
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Mar 2005
    Location
    A Land Down Under
    Posts
    2,095
    Rep Power
    1990
    If you're going to do it in a more secure way, you'd use two salt values. One that's system-wide so if the database is compromised but not the system, they can't compute the password using the one stored in there, and one that's stored in the system so if the system is compromised but not the database, they can't compute it from just that one value. Of course if your system and database are both compromised... you've got bigger things to worry about than password security...

    When I've done things like this I'd set it up something close to this:
    PHP Code:
    $password = sha1($salt1 . $password . $salt2);
    I would advise you to use your own choice of hashing functions, as I know that MD5 is not secure any more, and I'm pretty sure that SHA1 isn't that far behind it, but there's more available if you look at the manual.
  6. #4
  7. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2012
    Posts
    57
    Rep Power
    12
    Originally Posted by Catacaustic
    If you're going to do it in a more secure way, you'd use two salt values.
    This second secret salt is often called "pepper". But I'm not aware of any expert promoting it, so I'd be rather sceptical about this approach. It probably won't hurt, but don't rely on it as an actual security mechanism.

    Actually, when you find yourself adding all kinds of security features, stop there and use a proven algorithm instead. That's definitely more secure than some home-made solution that relies more on a feeling of security rather than actual testing by experts.



    Originally Posted by Catacaustic
    I would advise you to use your own choice of hashing functions, as I know that MD5 is not secure any more, and I'm pretty sure that SHA1 isn't that far behind it, but there's more available if you look at the manual.
    Use one of the SHA-2 functions (SHA-256, SHA-512 etc.).
  8. #5
  9. Code Monkey V. 0.9
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Mar 2005
    Location
    A Land Down Under
    Posts
    2,095
    Rep Power
    1990
    Originally Posted by Jacques3
    Actually, when you find yourself adding all kinds of security features, stop there and use a proven algorithm instead. That's definitely more secure than some home-made solution that relies more on a feeling of security rather than actual testing by experts.
    So what would you recommend to do instead?
  10. #6
  11. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2012
    Posts
    57
    Rep Power
    12
    Originally Posted by Catacaustic
    So what would you recommend to do instead?
    I'd use the phpass library (as suggested in the previous post). It's well tested and is actually better than a standard hashing algorithm, because it uses multiple rounds to slow down the process (the number of rounds can be set).

    I think that's pretty much state of the art.
  12. #7
  13. No Profile Picture
    Lost in code
    Devshed Supreme Being (6500+ posts)

    Join Date
    Dec 2004
    Posts
    8,317
    Rep Power
    7170
    Use of pepper is fine and does increase security a bit but doesn't contribute to a huge increase in security, which is why it doesn't usually get mentioned. Use of pepper without salt is insecure though; use salt or salt+pepper, but never just pepper.

    Use of multiple rounds of hashing is a good recommendation as well. A single pass of something like sha256 by itself is theoretically effectively unbreakable at this time, but it's good to use a few thousand passes instead as it will help future-proof the system.

    Comments on this post

    • Jacques3 disagrees
    PHP FAQ

    Originally Posted by Spad
    Ah USB, the only rectangular connector where you have to make 3 attempts before you get it the right way around
  14. #8
  15. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2012
    Posts
    57
    Rep Power
    12
    Originally Posted by E-Oreo
    Use of pepper is fine and does increase security a bit
    Says who? Which authority has seriously examined this and recommends using a pepper?

    Sure, the idea sounds good. But does the benefit outweigh the problem of giving up proven algorithms and relying on your home-made solution?



    Originally Posted by E-Oreo
    A single pass of something like sha256 by itself is theoretically effectively unbreakable at this time
    What? I have no idea how you came to this conclusion. SHA-2 is certainly harder to "crack" than MD5, but calling it "unbreakable" makes absolutely no sense when fast hardware is available to everybody for little money. It's just a matter of how much effort you're willing to invest. So the only serious approach is to make attacks as expensive as possible by using an algorithm that's slow and difficult to implement (that's what bcrypt, scrypt, PBKDF2 etc. are for).

    None of the simple hashing algorithms like MD5, SHA-1, SHA-2 etc. is even remotely "unbreakable". They weren't even made for this kind of attack scenario. At best they're a fallback when you don't want to install an external library.
  16. #9
  17. No Profile Picture
    Lost in code
    Devshed Supreme Being (6500+ posts)

    Join Date
    Dec 2004
    Posts
    8,317
    Rep Power
    7170
    Originally Posted by Jacques3
    What? I have no idea how you came to this conclusion. SHA-2 is certainly harder to "crack" than MD5, but calling it "unbreakable" makes absolutely no sense when fast hardware is available to everybody for little money. It's just a matter of how much effort you're willing to invest. So the only serious approach is to make attacks as expensive as possible by using an algorithm that's slow and difficult to implement (that's what bcrypt, scrypt, PBKDF2 etc. are for).

    None of the simple hashing algorithms like MD5, SHA-1, SHA-2 etc. is even remotely "unbreakable". They weren't even made for this kind of attack scenario. At best they're a fallback when you don't want to install an external library.
    Yes, you're right about this. My recommendation to use a single pass was not a good one. I was considering the entirety of the SHA-2 keyspace rather than the subset of the keyspace that would be used for normal passwords.


    Originally Posted by Jacques3
    Sure, the idea sounds good. But does the benefit outweigh the problem of giving up proven algorithms and relying on your home-made solution?
    Deciding to use a salt and pepper has nothing to do with giving up a proven algorithm. The algorithm is the mathematical set of steps that transforms a given string into a hash; changing the value of the original string has absolutely no impact on the underlying algorithm. Using a salt is part of the implementation of the algorithm, not part of the algorithm itself.

    One of the most critical properties of a secure hashing algorithm is that knowing part of the original string does not provide you with any information about the rest of the original string. Thus mathematically a pepper can only improve the security of your system unless the underlying hashing algorithm that you're using is insecure.
    Last edited by E-Oreo; October 10th, 2012 at 09:34 AM.
    PHP FAQ

    Originally Posted by Spad
    Ah USB, the only rectangular connector where you have to make 3 attempts before you get it the right way around
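
The storage and login flow discussed in this thread, as an added example that is not code from any of the posters: a per-user random salt saved in clear beside the hash, PBKDF2 for the multiple rounds, and an optional application-wide pepper kept outside the database. It assumes PHP 7 or later (`random_bytes()` is used in place of the `openssl_random_pseudo_bytes()` mentioned above); the array keys, the pepper value and the iteration count are constructed for illustration.

```php
<?php
// Added illustration, not the posters' code.
// PEPPER and ITERATIONS are constructed sample values; in a real deployment the
// pepper would be loaded from configuration outside the database.
const PEPPER = 'constructed-sample-pepper-value';
const ITERATIONS = 100000;

// Build the record to store at registration. The salt is not secret: it is
// saved next to the hash (hypothetical columns: salt, iterations, hash).
function make_password_record(string $password): array
{
    $salt = random_bytes(16); // CSPRNG output, unique per user
    return [
        'salt'       => bin2hex($salt),
        'iterations' => ITERATIONS,
        'hash'       => derive($password, $salt, ITERATIONS),
    ];
}

// Mix in the pepper with HMAC, then run PBKDF2-SHA256 with the per-user salt.
function derive(string $password, string $salt, int $iterations): string
{
    $peppered = hash_hmac('sha256', $password, PEPPER, true);
    return hash_pbkdf2('sha256', $peppered, $salt, $iterations, 64);
}

// Login: read salt and iteration count back from the stored row, recompute
// the hash from the submitted password, and compare in constant time.
function verify_password(string $password, array $row): bool
{
    $candidate = derive($password, hex2bin($row['salt']), (int) $row['iterations']);
    return hash_equals($row['hash'], $candidate);
}

// Two users choosing the same password (constructed sample input).
$alice = make_password_record('correct horse');
$bob   = make_password_record('correct horse');

var_dump(verify_password('correct horse', $alice)); // right password against Alice's row
var_dump(verify_password('wrong guess', $alice));   // wrong password against Alice's row
var_dump($alice['hash'] === $bob['hash']);          // same password, separately salted rows
```

Storing the iteration count in the row lets the work factor be raised later without invalidating existing records.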
