ToDo: Clear the question: Blowfish or SHA512 !?

[panique]

Short version: The script currently uses SHA512 hashing and a 16 char salt, generating a 118 char hash. In earlier versions of the script, it used BLOWFISH hashing with a 22 char salt, generating a 60 char hash.

This needs to be clarified (which is more secure, and why...).

[desynergy]

Right now this is something that is debated on a lot of sites. It's like a Ford vs Chevrolet debate. Right now both are secure and right now there is several "misinformation" blogs/write ups on the web that is incorrect on why one is better than the other. MD5 is not secure. SHA3 has been cracked. SHA512 and Blowfish are both secure. I would say either A) If you switch to Blowfish, will there be an easy upgrade option for admins that are already using your 1-minimal project? B) Is there any way to have both in your script and choose one or the other at the time of first configuration?

[GrahamCampbell]

Should this be added to the wiki?

[panique]

I just made a wiki out of this: https://github.com/panique/php-login/wiki/Which-hashing-&-salting-algorithm-should-be-used-%3F

[clobber]

@panique - you should be using this (and only this) bcrypt compat wrapper (https://github.com/ircmaxell/password_compat) for password_hash which will be available in PHP 5.5

Plus rolling your own security is always a bad idea.

[panique]

@clobber Yes, i totally agree! There are some discussions on this, have a look into the issues/wiki. I'm planning to implement this in early June 2013.

[clobber]

Good to hear! Just one library file and two functions to deal with so it's really simple. Then you'll never have to worry about encryption algos or hashes again ;)

[panique]

I made some benchmarks (additionally to the ones given in the stackoverflow answers) here: https://github.com/panique/php-login/wiki/Which-hashing-&-salting-algorithm-should-be-used-%3F

They might not be really representative, but they give a little view on the hash/salt possibilities, cost factors and the final way to go.

And: BLOWFISH seems to be the choice. Information on real-world scenarios, with real cracker equipment is very rare, but i hope to find some more.

By the way: before php-login changed it's hashing/salting to crypt() with SHA512 (due to demand from the community), it was already using crypt() with BLOWFISH. ;)

So, the consequence so far:

1. BLOWFISH seems to be the slowest alorithm (but those benchmarks may not be accurate, as cracking relies on RAM speed, CPUs, GPUs, GPU architecture, setups of clever cracking algorithm sharing etc).
2. BLOWFISH is the one preferred by the guys that build the official PHP 5.5. password functions.
3. According to the max-out-benchmark BLOWFISH's cost factor can be stretched much more than SHA512's.
4. BLOWFISH is the only algorithm supported by the PHP password compatibility library so far.

[panique]

Notice: The BLOWFISH+salt algorithm is implemented (using the standard setup of the new PHP 5.5 password hash function incl. the PHP 5.3/5.4 compatibility pack).

[clobber]

Great! One thing, you may want to consider storing the hash in the recommended VARCHAR(255) column "to avoid truncation issues if a future algorithm increases the length of the generated hash."

[panique]

Oh, never heard of that! Do you have some information/links/stuff on this ? Looks interesting...

[clobber]

Sure - it's mentioned in the password_compat readme under the "Creating Password Hashes" section: https://github.com/ircmaxell/password_compat/blob/master/README.md

[desynergy]

Is there an upgrade process? I wrote over the 1-minimal files and now cant log in.

On 5/27/2013 8:19 PM, panique wrote:

Notice: The BLOWFISH+salt algorithm is implemented (using the standard setup of the new PHP 5.5 password hash function incl. the PHP 5.3/5.4 compatibility pack).

— Reply to this email directly or view it on GitHub https://github.com/panique/php-login/issues/55#issuecomment-18520075.