Comments on: How to store passwords safely with PHP and MySQL

By: Niek

Niek — Tue, 31 Jan 2012 10:41:27 +0000

Great post. But something’s not quite clear for me. When the user logs in, I can use “$password = $_SERVER[‘PHP_AUTH_PW’];”, so the password is sent safely.

But when I let my users register, I should do the same hash on the client side before sending using POST? So the hash will be sent as plaintext. So any attacker intercepting these packages can read the hash, create a custom request and use the hash to login under the user’s name?

By: Michael

Michael — Mon, 30 Jan 2012 09:51:36 +0000

Thanks very much! This seems to work quite well, but as somewhat of a newbie, it appears that the passwords are not unique, wherein the uniqueness comes from the username. The password uniqueness comes from the hashed match to the entered password, not to the password, as separate entries of the same password will create unique hashes for each password entry. With the number of iterations required to have a collision, is this deemed acceptable, or am I possibly doing something wrong, and each entered password should resolve as unique?

By: JangoVimal

JangoVimal — Wed, 11 Jan 2012 10:10:49 +0000

Notify user with an email which holds a link to create a new password. The link should also hold some encrypted character which can be active only for a certain time period may be 10 mins.

By: Anonymous

Anonymous — Wed, 14 Dec 2011 16:09:34 +0000

Generate a new password.

By: Doaa

Doaa — Tue, 06 Dec 2011 03:18:10 +0000

I know that the hash cannot be reveresed. But what can be done in this case? An ideas?

By: Doaa

Doaa — Tue, 06 Dec 2011 03:12:53 +0000

Thank you so much. I had one question, in my application I have a “Forgot Password” link, in which I send passwords to the users on their emails. If I stored the passwords hashed, how can I restore the original plain text to be sent?

By: Reyz

Reyz — Mon, 05 Dec 2011 15:06:40 +0000

My code doesn’t work..

By: Reyz

Reyz — Mon, 05 Dec 2011 11:10:02 +0000

Hi.. Thank you for the article. Is it code fixed with the code in comment? I’ll try it.

Once again, thank you..

By: Doaa

Doaa — Mon, 05 Dec 2011 03:35:05 +0000

Thank you so much for this article. It’s quite useful.

By: ElbertF

ElbertF — Sun, 04 Dec 2011 01:50:59 +0000

I’m afraid storing the password in a cookie, hashed or not, is not safe. The password doesn’t even need to be recovered for an attacker to take over the account if they know the hash.

By: Champ Polestico

Champ Polestico — Tue, 29 Nov 2011 14:33:37 +0000

Thanks for the concept!

By: Tiago Roldão

Tiago Roldão — Wed, 16 Nov 2011 23:01:14 +0000

If i put the md5($hash) in a cookie. Its possible to recover the password?

Just need to make sure.

By: deepz

deepz — Mon, 05 Sep 2011 13:41:35 +0000

Your article has helped me alot. Thank you so much.

By: Dave

Dave — Wed, 24 Aug 2011 08:53:30 +0000

LONG LIVE ROT13!

lol, I jest..

Cool post.

By: Kremchik

Kremchik — Wed, 27 Apr 2011 16:10:53 +0000

Thank you, very nice post, everything is perfectly clear!

Wish you write something about how to work with sessions in a way that a potential hacker could not log in even if he has got the DB and the sources both.

By: ElbertF

ElbertF — Tue, 22 Mar 2011 22:03:44 +0000

Hashing SHA-256 over and over does not increase the chance of collisions AFAIK (as is the case with MD5), this is from what I’ve read and tests I’ve done myself. The added security comes from the time it takes to generate the hash, the same way Bcrypt does (you could of course just use Bcrypt but it’s not always available on shared hosts). Eating up server resources is a feature in this case. “Three strikes and your out” is indeed useful but not if someone gets a hold of your database.

By: solo

solo — Fri, 25 Feb 2011 14:13:44 +0000

Oh and obviously I’m just talking about hashing 100000 times…

By: solo

solo — Mon, 21 Feb 2011 20:17:13 +0000

I agree with @Andrew - I think that this really provides no extra security, increases chance of collision, and eats up server resources. Instead, I would just implement a “3 strikes and your out” method instead…

By: Theodor

Theodor — Thu, 06 Jan 2011 09:40:01 +0000

great posts thanks a lot ElbertF

thanks too for wappalyzer !

By: Andrew

Andrew — Tue, 17 Aug 2010 15:53:54 +0000

Sorry but I thought that it is well documented that just doing this with MD5 -

$HashedPassword = $md5(md5($Password));

Increases the chance of collision dramatically?

So surely when running this -
for ( $i = 0; $i < 100000; $i ++ )
{
$hash = hash('sha256', $hash);
}

you are increasing the chance of hash collision?

Im no expert and im unsure if MD5 and SHA256 work the same but I do know that it is a big NO NO to rehash a hash as it increases chances of collision.

By: ElbertF

ElbertF — Mon, 01 Mar 2010 06:19:51 +0000

Fixed it, thanks.

By: garyamort

garyamort — Fri, 19 Feb 2010 02:11:44 +0000

The above is good for a general rule of thumb, however one must always be ready to be flexible when needed.

For one thing, not all websites are a vacumn, thus whatever mechanism you may include the OPTION of validating at least initially to a different format. For example, many systems do store MD5 passwords, and it is a simple matter to export them when migrating. So for a special use case[migration of users], you would want to allow the user to sign in using their old password, and then immediately rehash and save it.

Additionally, you may be working on a web service for other users, in which case there should be an option to export data in a manner which allows people to use that data on their own server. Locking people into your system is rude and obnoxious, there should always be a migration option.

Lastly, there are indeed times when you will need to allow a site owner to log on as someone else. Customer service is key. In those cases, explaining how much more secure the password system is is useless, you must give them a way to log on. Either store the password in some manner that they can look it up, or provide functionality to allow an admin to “impersonate” a user.

By: Name

Name — Thu, 18 Feb 2010 09:05:23 +0000

<———- CORRECTION TO THE ABOVE ————->
I had a typo in there . . .

Doesn't work as written. Need to concatenate the user's input password with the salt again after getting it from the login form . . .

… . $r = mysql_fetch_assoc(mysql_query($sql));

// The first 64 characters of the hash is the salt
$salt = substr($r['hash'], 0, 64);

$hash = $salt . $password; <—————— (TYPO FIXED) INSERT THIS LINE HERE (IN 2ND CODE SECTION)

// Hash the password as we did before
for ( $i = 0; $i < 100000; $i ++ )
{
$hash = hash('sha256', $hash);
} … . // ETCETERA

By: Name

Name — Thu, 18 Feb 2010 09:02:49 +0000

Doesn't work as written. Need to concatenate the user's input password with the salt again after getting it from the login form . . .

… . $r = mysql_fetch_assoc(mysql_query($sql));

// The first 64 characters of the hash is the salt
$salt = substr($r['hash'], 0, 64);

$hash = $hash . $password; <—————— INSERT THIS LINE HERE (IN 2ND CODE SECTION)

// Hash the password as we did before
for ( $i = 0; $i < 100000; $i ++ )
{
$hash = hash('sha256', $hash);
} … . // ETCETERA

By: ElbertF

ElbertF — Tue, 16 Feb 2010 01:28:16 +0000

Because a potential hacker would be able to brute-force the password on another machine without using sleep(). You need the algorithm to be slow.

By: PA

PA — Mon, 15 Feb 2010 17:16:52 +0000

Why not use the sleep() function instead of hashing multiple times ?

Then :
- you wouldn't increase the chance of collisions
- you wouldn't increase the server load

By: ElbertF

ElbertF — Fri, 12 Feb 2010 01:41:12 +0000

Yes that's true. If you're simply after the admin password and know the full hash and algorithm the random salt won't make a difference. The only thing that can help you is a strong password (you could store the hash on a different server).

Hashing multiple times may increase the chance of collisions slightly but I don't think it matters to much in this case. You'd still have to perform the hash a 100,000 times which slows brute forcing down significantly. If computers get faster you can just hash all the passwords some more.

By: Tijn

Tijn — Thu, 11 Feb 2010 18:33:02 +0000

I don't fully understand what the random salt is for. A single site-wide salt is bad because “someone with access to your code can find the salt”, but I don't see how prefixing the hashed string with a random salt makes any difference.

If I have access to the database, I could just look at the first 64 characters and create a new rainbow table. The only real difference is that it will take more time to “decode” the password of ALL users, but when you're looking at a single password, this method doesn't seem more secure.

Also, I'm not a security expert , but is it really better to hash something multiple times?

By: Tim Cinel

Tim Cinel — Mon, 01 Feb 2010 02:21:17 +0000

That's a big salt. I was thinking it would be better to have a secret component in the salt but upon further thought it wouldn't help.
Thanks for the article ^^ Death to plaintext password storage!

By: ElbertF

ElbertF — Mon, 01 Feb 2010 01:37:46 +0000

Thanks Ramon! Actually it's the opposite, strtolower() makes sure the login to is case insensitive (in the SQL query case doesn't matter).

By: Ramon Fincken

Ramon Fincken — Sun, 31 Jan 2010 15:14:49 +0000

I like your article !

However you presume usernames are fixed and TheName is another user as thename > strtolower($username)