I am trying to build password authentication into a database front end 
for a MySQL DB.  I find the php docs on this point quite confusing so I 
have a lot of questions.

I can use a one-way hash to do this if that's the best way, as I don't 
need to retrieve the password.  However if I could do so that has some 
small advantages.  So I am open to either symmetric or one-way 
approaches.

First off, there are multiple encryption methods out there -- PHP 
crypt() and the mcrypt functions, and MySQL encrypt(), for encryption; 
and the md5 etc. functions for hashing.  Is there any information on 
best practices here, particularly in using PHP's encryption vs MySQL's?

Second, the PHP docs on crypt are, to me, a mess.  Much of it suggests 
passing the password back in as the salt for crypt, but this appears to 
me to only be workable if DES is being used and the first two 
characters of the password are the DES salt value.  Since the actual 
encryption method is installation-dependent the code in the docs:

    # You should pass the entire results of crypt() as the salt
    # for comparing a password, to avoid problems when different
    # hashing algorithms are used.  (As it says above, standard
    # DES-based password hashing uses a 2-character salt, but
    # MD5-based hashing uses 12.)
    
    if (crypt($user_input,$password) == $password) {
       echo "Password verified!";
    }
    
seems to me to be exactly wrong -- what it does is *create* problems 
with different hashing algorithms.  Using $password as the salt here 
only works for DES, for md5-based encryption it will fail as the first 
12 characters of the password are not the md5 salt (are they?).  What 
am I missing here?

Third, I am curious as to the repeated statements as to why one must 
use a different salt every time.  For example, here's a user comment on 
the crypt docs from the PHP web site:

    The only only important consideration when generating a salt
    is to make sure that all salts are unique--that way the same
    password will be encrypted differently (i.e. the encrypted
    passwords will look different) for different users.
    
    One of the simplest ways to generate a unique salt is to use
    some string that will be different every time the procedure
    is called.  Here's a simple example:
    
    $jumble = md5(time() . getmypid());
    $salt = substr($jumble,0,$salt_length);

My question is, why would I do this?  If you are going to save the 
password you can't use a random salt without saving the salt along with 
the password so you can test it later.  And if you do that, the 
randomness loses its value -- if someone breaks in and finds the 
encrypted password, they also get the salt.  Again, am I missing 
something?  Is there some potential attack where the attacker can use 
the repeatability of the password encryption or hashing algorithm to 
their advantage even if they cannot break into the server to see the 
encrypted data?  If not, and they have to be able to break in to do the 
attack then, again, they can read the salt.

Thanks for any comments or input.

 ----------
 Tom Rawson




-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to