1

I am building an application and storing user passwords in a table in MySQL. I am already using bcrypt but wondering, does it make any senses to AES_ENCRYT() the hashed password before storing into the database?

Example:

$bcrypt = new Bcrypt();
$hash = $bcrypt->hash('some-password-here');

Should I just store $hash as a varchar(60) or instead call MySQL AES_ENCRYPT('crypto_key', $hash) and store in a blob column?

Justin
  • 5,328
  • 19
  • 64
  • 84

2 Answers2

3

No, a bcrypt hashed password with a reasonable work factor should be plenty secure on its own.

ceejayoz
  • 32,910
  • 7
  • 82
  • 106
  • Right, but `AES_ENCRYPT()` would require the hacker who gained access to the database to also have the `crypto_key` and call AES_DECRYPT() to retrieve even the hashes. – Justin Aug 17 '12 at 03:49
  • 1
    The whole point of using bcrypt is that you don't really have to worry if someone retrieves the hashes. It should take years for them to crack even one of them. – ceejayoz Aug 17 '12 at 03:50
  • @ceejayoz that depends the passwords being reasonably random. If you have users picking things like "password" as passwords, there's not much a high work factor can do to protect them. Mind you, I;m not convinces that adding an AES encryption layer adds even in that case, since if someone can steal the hashes it's likely they can also grab the AES key... – Gordon Davisson Aug 17 '12 at 14:13
  • 1
    Anyone using "password" is going to be cracked already. – ceejayoz Aug 17 '12 at 15:25
2

Have to disagree with the previous answer: It actually does make sense, but not completely.

AES encryption here would add an additional layer to password security, that is based on information not stored in the database (I assume you would not put the AES key to the same database with passwords). There are several scenarios where password database might be compromised without gaining access to the application configuration. (SQL injections, database on a different server, access to database backups, etc.)

Even when using bcrypt's user-specific salt, weak passwords are still relatively easy to crack. And there will be lots of weak passwords in any password database.

The point that does not make sense: Why symmetric encryption, when you simply could append the secret key to the password before running BCrypt? So, the same security level is gained by:

$hash = $bcrypt->hash('some-password-here' . 'crypto_key');

Read more: http://blog.mozilla.org/webappsec/2011/05/10/sha-512-w-per-user-salts-is-not-enough/

Mikko
  • 955
  • 8
  • 14