1

I am writing a PHP script to authenticate users. I want to use SHA512 for the hash and use a salt to prepend to the password. To generate the salt, I want to use mcrypt_create_iv. But first, I must figure out the initialization Vector size. For this, I see php has: mcrypt_get_iv_size. But I have a question, please:

For mcrypt_get_iv_size() what do I use for the cipher string and the mode string? Please keep in mind I am using SHA512, so the salt needs to be at LEAST as long as the sha512 hash. For experimenting, I tried " mcrypt_get_iv_size(CRYPT_SHA512, MCRYPT_MODE_CFB) " but php complained.

dman
  • 10,406
  • 18
  • 102
  • 201
  • Why are you creating an IV for the salt? – Jon Oct 20 '12 at 19:42
  • because I read the best way to create a randomized salt is to use a Cryptographically Secure Pseudo-Random Number Generator. Hence, php's version is mcrypt_create_iv(). But I need to give it a size using mcrypt_create_iv_size(). – dman Oct 20 '12 at 19:49

2 Answers2

1

Actually mcrypt_create_iv() was designed to generate a random binary string, which can be used for encryption. What you want to do is hashing not encryption, so mcrypt_get_iv_size() does not make sense here.

Since PHP 5.3 it is safe to use mcrypt_create_iv() to generate a random string, but keep in mind that you get a binary output, which does not fit into the alphabet of the hash function.

You can look at this example which shows how to use mcrypt_create_iv() for generating a salt. To hash a password you should not use sha512 though, instead use a key derivation function like BCrypt, which is slow.

martinstoeckli
  • 23,430
  • 6
  • 56
  • 87
  • Please where is it written in the documentation because i have googled it and did not find the fact that the binary does not fit into the hash function – John Max Oct 28 '16 at 11:19
  • @JohnMax - The accepted alphabet depends on the hash function and of its implementation. SHA for example will accept binary input, but one has to make sure that `\0` characters are handled correctly. BCrypt on the other side accepts only `./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz`. The [crypt() documentation](http://php.net/manual/en/function.crypt.php) lists the restrictions of some hash functions. The function [password_hash()](http://www.php.net/manual/en/function.password-hash.php) was written to take care of the proper handling of the salt and should be used. – martinstoeckli Oct 28 '16 at 12:04
0

The length of the salt has nothing to do with the IV size of any cipher. Rather you need to figure out how many bytes of random data are needed for your particular hashing algorithm, taking the salt formatting into account. For examples bcrypt needs 16 bytes with base64-esque encoding.

Anyway, the mere fact that you need to ask this question means that you don't know what you're doing and that's a really bad sign when it comes to password hashing. Please use one of the existing libraries for this purpose instead.

NikiC
  • 100,734
  • 37
  • 191
  • 225
  • 4
    I'm doing this for a hobby, not for a production system. The mere fact I don't know is the reason why I am asking and learning. – dman Oct 20 '12 at 20:31
  • @d hee - Just translated this [tutorial](http://www.martinstoeckli.ch/hash/en/index.php) to english, maybe it could be of interest to you. – martinstoeckli Oct 21 '12 at 16:13