Is it safe to sanitize passwords being given to PHPass, and vice versa?

Question

From my understanding of hashing in general, one changed character any place can throw the whole hash into a different ballpark... and that got me thinking... Is sanitizing a password being given to PHPass a good idea? If at some future PHP version they decide to change what is escaped with their sanitization functions, and someone's password includes one of the newly escaped characters, that would throw their hash off and they could never get back in (short of a reset).

I realize that the potential security risk outweighs the inconvenience of a few password resets, but I am still curious on this point. Is this a legitimate concern?

Exactly what are you trying to achieve by sanitizing your users' password input? Even if you really want to prevent people from using some characters, you probably want to just inform your users that their password is invalid, rather than silently transforming it. — John Flatness, Sep 03 '11 at 19:27

score 6 · Accepted Answer · answered Sep 03 '11 at 19:16

I don't see why you need to sanitize a password, or most data for that matter. You should sanitize your data to make unsafe uses safe (like reading from a user specified file). Other than that, everything else should be handled by htmlentities($data) when printing it, or mysql_real_escape_string($data) for use in MySQL queries. There is never a need to sanitize data that is never visible or never used in unsafe ways (that is sanitize data as in making it safe)... it should be escaped.

So, don't sanitize, escape where appropriate... like when printing or querying.

Ok. Sounds like I misunderstood the use of sanitization. Thanks for setting me straight :) — Aeo, Sep 04 '11 at 19:44

Is it safe to sanitize passwords being given to PHPass, and vice versa?

1 Answers1