13

Consider this line of code by using PHP:

$password = password_hash($password, PASSWORD_DEFAULT);

What will happen if they changed the default password hashing algorithm? I mean I will be having hashed password inside the database. Then, from my own understanding, it will be impossible to check the password because the hashing algorithm will be totally changed.

Narf
  • 14,600
  • 3
  • 37
  • 66
Ambitions
  • 2,369
  • 3
  • 13
  • 24

2 Answers2

15

What would happen is that newly-hashed passwords will be using the new algorithm - obviously.

However, you shouldn't be concerned about this, because the whole thing is designed with forward-compatibility in mind - your code won't be broken when the default algorithm changes, as long as you're using the password_*() functions correctly.
By correctly, I mean use password_verify().

password_verify() accepts a plain-text password and a hash, and it can easily determine what the used algorithm is by looking at the hash that you feed it. Therefore, it would also still be able to verify a password that has been hashed using an old algorithm - not just the previous one, but any algorithm that is supported.

In fact, the sole purpose of the PASSWORD_DEFAULT constant is that you can easily migrate older hashes to a new algorithm (once one is added). This happens the following way:

  • When a user logs in, you verify their password via password_verify() (any hashing algorithm that has a PASSWORD_<name> constant will work).
  • You call password_needs_rehash(), and if the password you just verified is using an older algorithm (or a lower 'cost' paramater) - it will return boolean TRUE.
    • If boolean TRUE was indeed returned, you can now replace the old hash with one that uses the new algorithm; you can do that during a login, because the user just gave you the password and you verified that it is correct.

In summary - it's a really, really well-designed API and it solves problems for you that you haven't even thought about. Don't worry about it.

Edit (noted in the comments):

It should be noted, however, that new algorithms will quite probly result in longer hash lengths, so if you're storing the passwords in a database - don't limit the field's length (i.e. use a varchar(255) field).

Narf
  • 14,600
  • 3
  • 37
  • 66
  • Thank you. That was helpful. – Ambitions Jun 02 '15 at 17:46
  • There's one actually important difference that could lead to some new hashes failing to validate. Since we don't know what algorithms will be used in the future, this could mean that the hash length could change. That's why the manual recommends using `VARCHAR(255)` to store the hashes, even though bcrypt hashes max length is ~55 chars. – Mike Jun 02 '15 at 17:47
  • Really something they should explain in php documentation! it's a very good behavior, but in the `password_hash` and `password_verify` they dont' mention `password_needs_rehash` – Rafiki Nov 08 '16 at 13:55
5

Just for clarification, I would like to add to the answer that PHP uses the following structure. Thus, the password_needs_rehash() and password_verify() functions will check the algorithm and cost and do their work to keep everything compatible and correct.

Source: http://php.net/manual/en/faq.passwords.php

PHP Hashed Password Structure

Community
  • 1
  • 1