Using Multiple Hashes in PHP

Question

Am working on a project & am keen to keep password-storage secure from the start. In the idea phase, but this is roughly what I intend to use.

class Crypto {
    public function hash1($string, $salt) {
        return hash('sha512', $string . $salt);
    }

    public function hash2($string, $salt) {
        return hash('sha512', $salt . $string);
    }

    public function compareToHash($string, $salt, $hash1, $hash2) {
        return($this->hash1($string, $salt) === $hash1 && $this->hash2($string, $salt) === $hash2);
    }
}

As you can see I am trying to avoid collisions. Is this an effective way, it seems awfully simple and I wonder if I am missing something.

Thanks.

Answer 1

Since you plan on password protecting possibly a website, let me explain that you will need to make sure to send a password from the client already encoded or else any sniffer will find the real password, and you know how people usually use password, right? The same on many, many accounts.

I would suggest taking a look at a post I stubled upon some time ago, and preserved a link for it, for it explains all the problems with hashing and password protection: http://www.codinghorror.com/blog/2007/09/rainbow-hash-cracking.html

Shortly - use the strongest (and sha1 is not strong any more) password encoder as it is possible. Not the fastest one. Let the hacker loose valuable time trying to break in. So much, that breaking in will become unattractive.

Hope it will help, and good luck.

Answer 2

That is pretty basic. I'd check out the Password Storage Cheat Sheet from OWASP. There are also lots of password hashing libraries already created and vetted.

I'd take a look at the Portable PHP Hashing Framework by OpenWall. It creates very secure hashes and performs an appropriate number of iterations as well. It's pretty widely used too.

If you are hashing with SHA512, there isn't anything special you need to do at the time for collision avoidance, I remember reading recently that finding collisions is still not feasible for some time still.

The two primary things I would focus on are secure salts (20+ bytes) and to iterate the hash at least 64,000 times to increase the attack time.

Answer 3

The first rule of password security: If you're not sure if something is secure, then the odds are it isn't.

Since you're just starting out writing your password routines, my advice is to stop now.

PHP5.5 (due out Feb/Mar 2013) will come with a set of new functions designed specifically for dealing with passwords with the best practice security in mind. When 5.5 is released, these functions will become the only recommended method of handling passwords in PHP.

The good news is that you don't have to wait or upgrade to 5.5 in order to use these functions -- they've been back-ported to run in 5.3 and 5.4, so you can use them now. Download the library from here: https://github.com/ircmaxell/password_compat

Reference article: http://www.h-online.com/open/news/item/PHP-5-5-should-reduce-password-sloppiness-1707835.html

Answer 4

If you want to make your password storage secure from the start, you should not use sha512 or any other fast hash algorithm, instead use a key derivation function like BCrypt.

The problem with fast algorithms is, that you can calculate 80 Mega sha512-hashes per second with common hardware (in 2012). That makes it possible to brute-force a whole english dictionary with about 500000 words, in a few milliseconds! Other algorithms are even faster.

BCrypt was especially designed to hash passwords, and is therefore slow (needs some computing time). With a cost factor you can adapt the needed time to future (and therefore faster) hardware.

Using BCrypt can be as easy, as using the sha512 hash. It's recommended to use a well established library like phpass, and if you want to understand how it can be implemented, you can read this article, where i tried to explain the most important points.

Your scheme with two separate hashes will not increase security, because collisions with sha512 are never the problem. In the worst case it even weakens security, because you have to store both hashes, so an attacker has two related informations about the hashed password.