Storing passwords Passwords



  •  I recently discovered a serious security problem with the way I'm storing passwords in the database. I do it like this:

    sha1(md5(plaintext password) + md5(salt))

    And that seemed to work, however I was notified by a user today that he could just hit enter and log in, without a password. The issue was that some hashes php believed where something that they weren't, failed silently and I ended up with sha1(0) as the stored password. An empty password was one such hash that failed, so every hash that failed, and empty password would allow them in. I changed it to sha1(md5(plaintext password) . md5(salt)) so php treats it as a string and conocates them, but I'm sure there's a better way to do it.

     One of my friends, who is very sercurity oriented said that even using that, any rainbow table would crack it, dispite the hash.

     

    What do you recommened for storing passwords and checking them. I don't have access to bcrypt and other expensive hashing algorithms, but it should be secure enough with sha1 and md5. How would you all build such a system?



  • If you absolutely cannot use bcrypt, look into the FreeBSD MD5 implementation.  MD5'ing the password and salt independently makes no sense.  You are violating the #1 rule of cryptography which is to never create your own solution. 



  •  I believe I have access to mcrypt, is that good or bad? I googled 'FreeBSD MD5 implementation' but just came up with a lot of links from MD5 and bruteforce password crackers. Care to provide a link?



  • @malfist said:

    I believe I have access to mcrypt, is that good or bad? I googled 'FreeBSD MD5 implementation' but just came up with a lot of links from MD5 and bruteforce password crackers. Care to provide a link?

    mcrypt is just the standard cryptography library available in PHP.  The method used by FreeBSD for its MD5 is basically to do a number of iterations MD5'ing the output over and over again.  Example:

    hashed = passwd;

    for (i = 0; i < 10000; i++) {
    hashed = md5(hashed + salt);



    You need to do at least 1000 iterations, possibly more, appending the salt each time.  It is also possible to use SHA-1 or SHA-2 (available in the mhash extension and possibly mcrypt as well -- usually listed as SHA256) with this.  Going even further, you could randomize the number of iterations and store that along witht he salt and hashed password.  Just make sure you use more than 1000 iterations, the more the better.


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.