0

I decided to drop md5() as the password-encrypting algorithm when storing user passwords in DB, in favor of phpass library.

On the systems using md5, it was no problem to have a Production/Development dyad, as the resulting hash was the same. So, in case I created a test user in either one of them, the same password worked in the other environment.

From what I gather, this is not the same for other types of hashing algorithms, as phpass (or its internal php functions) creates platform-dependent hashes (I'm a hashing/encryption novice).

My question is, how should one approach this situation? Different database in prod/dev? But what if "upstairs" decided that we should move our web application (along with its DB) to another server - wouldn't the hashed passwords be now invalid - as phpass would create different hashes for the same (old) passwords?

Later edit:

Well, I didn't bother to check a dev hash to a production one. Even though they're different, their comparison results in "true", as in "they're equivalent". I thought, if hashes are different, they don't match (like md5).

nevvermind
  • Do you have a link to the documentation that supports PHPass is platform-dependent? – Jared Farrish Sep 11 '11 at 14:57
  • Uhm.. no. Still, the resulting hash of the *same* string is different in dev (Win XP) and production (Ubuntu). – nevvermind Sep 11 '11 at 15:06
  • It shouldn't be producing a different result on different machines, AFAIK. Encryption could, but you're not *encrypting*, you're *hashing*. Without being able to test otherwise, I would guess your XP machine does not have the same hash libraries available as your Ubuntu machine, so it's using/falling back to a different hashing algorithm. See example 3 here: http://php.net/manual/en/function.crypt.php – Jared Farrish Sep 11 '11 at 17:00
  • See [here](http://www.openwall.com/phpass/): *To ensure that the fallbacks will never occur, PHP 5.3.0+ or the Suhosin patch may be used. PHP 5.3.0+ and Suhosin integrate crypt_blowfish into the PHP interpreter such that bcrypt is available for use by PHP scripts even if the host system lacks support for it.* – Jared Farrish Sep 11 '11 at 17:02
  • And of course this from the same link: *The preferred (most secure) hashing method supported by phpass is the OpenBSD-style Blowfish-based bcrypt, also supported with our public domain crypt_blowfish package (for C applications), and known in PHP as CRYPT_BLOWFISH, with a fallback to BSDI-style extended DES-based hashes, known in PHP as CRYPT_EXT_DES, and a last resort fallback to MD5-based salted and variable iteration count password hashes implemented in phpass itself (also referred to as portable hashes).* So it looks like it tries to use Blowfish if available. – Jared Farrish Sep 11 '11 at 17:04
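
The behaviour described in the question's later edit and in the comments, as an added example that is not part of the original thread or of phpass: a salted bcrypt hash made through PHP's crypt() differs on every call yet still verifies, and the prefix of a stored hash shows which of the three phpass methods produced it. The function names, the sample password and the cost of 8 are assumptions chosen for illustration; requires PHP 7+.

```php
<?php
// Added example (PHP 7+), not phpass code. Prefix rules are the crypt(3)
// conventions for the three methods named in the phpass text quoted above.

/** Name the method a stored hash was made with, judged by its prefix. */
function hash_scheme(string $stored): string
{
    if (preg_match('/^\$2[axy]\$\d\d\$/', $stored)) {
        return 'bcrypt';                       // CRYPT_BLOWFISH
    }
    if (strlen($stored) === 20 && $stored[0] === '_') {
        return 'ext-des';                      // CRYPT_EXT_DES
    }
    if (strlen($stored) === 34 && preg_match('/^\$[PH]\$/', $stored)) {
        return 'portable';                     // phpass's own MD5-based hash
    }
    return 'unknown';
}

/** True when crypt() on this runtime can recompute a hash of that scheme. */
function crypt_supports(string $scheme): bool
{
    return ($scheme === 'bcrypt' && CRYPT_BLOWFISH === 1)
        || ($scheme === 'ext-des' && CRYPT_EXT_DES === 1);
}

/** bcrypt via crypt(); the random salt ends up inside the returned string. */
function make_hash(string $password, int $cost = 8): string
{
    $salt = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
    return crypt($password, sprintf('$2y$%02d$%s', $cost, $salt));
}

/** Re-hash the candidate with the salt and cost read from the stored hash. */
function verify(string $password, string $stored): bool
{
    return hash_equals($stored, crypt($password, $stored));
}

$dev  = make_hash('test-password');   // constructed sample password,
$prod = make_hash('test-password');   // hashed twice as if on two machines

printf("dev:  %s\nprod: %s\n", $dev, $prod);
printf("strings identical: %s\n", var_export($dev === $prod, true));
printf("dev verifies:      %s\n", var_export(verify('test-password', $dev), true));
printf("prod verifies:     %s\n", var_export(verify('test-password', $prod), true));
printf("wrong password:    %s\n", var_export(verify('wrong-password', $dev), true));
printf("scheme: %s, usable here: %s\n", hash_scheme($dev),
       var_export(crypt_supports(hash_scheme($dev)), true));
```

Running hash_scheme() over a sample of stored hashes from each environment shows whether one of them fell back to a method the other cannot verify.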

3 Answers

2

A very simple solution to your problem: Always use the latest stable version of PHP. As of 5.3 PHP provides native implementations of crypt algorithms and thus isn't platform dependent anymore. Your hashes should thus be compatible.

NikiC
0

Tiger algorithms in PHP

The Tiger192,4 algorithm is often recommended for hashing, however I've just discovered you can get different hash values on different machines.

Impossible! (you say)

Well, it turns out PHP <5.4 implements Tiger with LSB first, while PHP 5.4+ implements Tiger with MSB first. Which is correct? I can't say (LSB matches testtiger while MSB matches the Wikipedia examples) but the point is... don't use Tiger if hashes need to be portable or survive a PHP upgrade (a PHP 5.3->5.4 upgrade will break a Tiger hashed password table, which has significant maintainability implications).

To test...

echo hash("tiger192,3","The quick brown fox jumps over the lazy cog")."\n".
     hash("tiger192,3","");

MSB: (PHP 5.4.5)
a8f04b0f7201a0d728101c9d26525b31764a3493fcd8458f
3293ac630c13f0245f92bbb1766e16167a4e58492dde73f3

LSB: (PHP 5.3.2)
d7a001720f4bf0a8315b52269d1c10288f45d8fc93344a76
24f0130c63ac933216166e76b1bb925ff373de2d49584e7a

(My solution? Use a different algorithm, and embed a known hash test in the unit test code)

Rudu
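
One way to embed the known-hash test suggested in the answer above, as an added example that is not the answer author's code: it checks published SHA-256 vectors and reports which of the two Tiger outputs quoted above this runtime reproduces. The function and constant names are assumptions; requires PHP 7.1+.

```php
<?php
// Added example, not code from the answer. SHA-256 vectors are the published
// ones; the two Tiger values are the outputs quoted in the answer above.

const KNOWN_ANSWERS = [
    ['sha256', 'abc', 'ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad'],
    ['sha256', '',    'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'],
];

const TIGER_EMPTY = [ // hash("tiger192,3", "") as reported in the answer
    '3293ac630c13f0245f92bbb1766e16167a4e58492dde73f3' => 'PHP 5.4+ byte order',
    '24f0130c63ac933216166e76b1bb925ff373de2d49584e7a' => 'PHP <5.4 byte order',
];

/** Return the vectors this runtime fails; an empty array means all match. */
function failed_vectors(array $vectors): array
{
    $failed = [];
    foreach ($vectors as [$algo, $input, $expected]) {
        if (!in_array($algo, hash_algos(), true)) {
            $failed[] = "$algo: not available";
        } elseif (!hash_equals($expected, hash($algo, $input))) {
            $failed[] = "$algo: output differs for " . var_export($input, true);
        }
    }
    return $failed;
}

/** Say which of the answer's two Tiger outputs this runtime reproduces. */
function tiger_variant(): string
{
    if (!in_array('tiger192,3', hash_algos(), true)) {
        return 'tiger192,3 not available';
    }
    return TIGER_EMPTY[hash('tiger192,3', '')] ?? 'matches neither value';
}

// Run as part of the test suite or a deploy check: non-zero exit on mismatch.
$failed = failed_vectors(KNOWN_ANSWERS);
echo $failed ? implode("\n", $failed) . "\n" : "all known answers match\n";
echo 'tiger192,3: ', tiger_variant(), "\n";
exit($failed ? 1 : 0);
```

Add a vector for whichever algorithm the password table actually depends on, so a runtime upgrade that changes its output fails the build before it reaches stored hashes.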
0

Is there a particular reason why you decided to use the phpass library? You didn't elaborate on that point, but if you were simply looking for a more secure algorithm than MD5, take a look at hash() coupled with an algorithm like sha512.

FtDRbwLXw6
  • This is, in my opinion, irrelevant. It's not about hash security (although this has led me to avoid md5 in the first place), but about *different* hashes of the same string and how to approach this without the password becoming invalid on another system. – nevvermind Sep 11 '11 at 15:08
  • 1
    Hash algorithms do not produce different output on different systems. I don't know anything about phpass, but perhaps it's using a different algorithm on one of your systems because that system does not support the algorithm it used on the original system. – FtDRbwLXw6 Sep 11 '11 at 15:24