I am trying to build password authentication into a database front end
for a MySQL DB. I find the php docs on this point quite confusing so I
have a lot of questions.
I can use a one-way hash to do this if that's the best way, as I don't
need to retrieve the password. However if I could do so that has some
small advantages. So I am open to either symmetric or one-way
approaches.
First off, there are multiple encryption methods out there -- PHP
crypt() and the mcrypt functions, and MySQL encrypt(), for encryption;
and the md5 etc. functions for hashing. Is there any information on
best practices here, particularly in using PHP's encryption vs MySQL's?
Second, the PHP docs on crypt are, to me, a mess. Much of it suggests
passing the password back in as the salt for crypt, but this appears to
me to only be workable if DES is being used and the first two
characters of the password are the DES salt value. Since the actual
encryption method is installation-dependent the code in the docs:
# You should pass the entire results of crypt() as the salt
# for comparing a password, to avoid problems when different
# hashing algorithms are used. (As it says above, standard
# DES-based password hashing uses a 2-character salt, but
# MD5-based hashing uses 12.)
if (crypt($user_input,$password) == $password) {
echo "Password verified!";
}
seems to me to be exactly wrong -- what it does is *create* problems
with different hashing algorithms. Using $password as the salt here
only works for DES, for md5-based encryption it will fail as the first
12 characters of the password are not the md5 salt (are they?). What
am I missing here?
Third, I am curious as to the repeated statements as to why one must
use a different salt every time. For example, here's a user comment on
the crypt docs from the PHP web site:
The only only important consideration when generating a salt
is to make sure that all salts are unique--that way the same
password will be encrypted differently (i.e. the encrypted
passwords will look different) for different users.
One of the simplest ways to generate a unique salt is to use
some string that will be different every time the procedure
is called. Here's a simple example:
$jumble = md5(time() . getmypid());
$salt = substr($jumble,0,$salt_length);
My question is, why would I do this? If you are going to save the
password you can't use a random salt without saving the salt along with
the password so you can test it later. And if you do that, the
randomness loses its value -- if someone breaks in and finds the
encrypted password, they also get the salt. Again, am I missing
something? Is there some potential attack where the attacker can use
the repeatability of the password encryption or hashing algorithm to
their advantage even if they cannot break into the server to see the
encrypted data? If not, and they have to be able to break in to do the
attack then, again, they can read the salt.
Thanks for any comments or input.
----------
Tom Rawson
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
