On Wed, Jun 13, 2012 at 5:31 PM, Nikita Popov <nikita....@googlemail.com> wrote:
> Hi internals!
>
> Recent incidents have shown that even very large websites still don't
> get how to do password hashing properly. The sha1 hashes used by
> Linkedin et al can be easily cracked even by amateurs without special
> hardware.
>
> What could be the reason for this? Why don't people use bcrypt? It is
> being recommended already for *years*, but still most people don't
> seem to make use of it.
>
> I think the reason is that it is incredibly hard to use crypt()
> correctly, mainly for the following reasons:
>
> * For many people the syntax is hard to grasp. The hashing algorithm
> is specified as the salt parameter, which is somewhat non-obvious (at
> least for me).
> * The fact that you verify a password using $hash == crypt($password,
> $hash) is equally non-obvious.
> * Generating correct salts for bcrypt is quite complicated. It is
> encoded in some strange base64 format, thus requiring an additional
> function to create it. Additionally it isn't particularly easy to
> fetch the random bytes for the salt as you have to check several
> possibilities for a cross-platform solution (mcrypt initialization
> vector, openssl, /dev/*random, mt_rand etc).
>
> Correctly hashing a password with bcrypt thus requires about a hundred
> lines of code. So one either has to import a library (and strangely it
> seems that people don't like to do that!) or has to roll your own
> (usually implementing some part incorrectly...)
>
> Obviously it's somewhat tempting to use a one-liner sha1() hash
> instead of a hundred line bcrypt hash.
>
> So, wouldn't it be better if PHP provided an easy to use API for
> secure password hashes natively? So you just have to call a single
> function, which magically handles everything for you (like salt
> generation).
>
> A simple sample API could be two functions password_hash($password)
> and password_hash_verify($password, $hash). But it could just as well
> be a fancy, extensible OOP API.
>
> I think this would greatly improve the hashing situation for PHP.
>
> Thanks,
> Nikita

Strong +1 on this. I'd suggest writing an RFC.

-- Gwynne

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
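
Added example, not part of the original thread and not code from PHP itself: the manual crypt() steps the quoted message lists (bcrypt selected through the salt string, salt encoded in bcrypt's own base64 alphabet, verification by re-hashing with the stored hash as the salt). It assumes PHP 7 or later for random_bytes() and hash_equals(); the bcrypt_salt, bcrypt_hash and bcrypt_verify names are hypothetical.

```php
<?php
// Added illustration; the bcrypt_* function names are hypothetical, not a PHP API.

// crypt() picks the algorithm from the salt string: "$2y$" + 2-digit cost + "$" + 22 chars.
function bcrypt_salt(int $cost = 10): string
{
    if ($cost < 4 || $cost > 31) {
        throw new InvalidArgumentException('bcrypt cost must be between 4 and 31');
    }
    $raw = random_bytes(16); // 16 bytes from the OS CSPRNG (PHP 7+)
    // bcrypt's base64 uses the alphabet ./A-Za-z0-9 instead of A-Za-z0-9+/.
    $std = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
    $bc  = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
    $salt = substr(strtr(base64_encode($raw), $std, $bc), 0, 22);
    return sprintf('$2y$%02d$%s', $cost, $salt);
}

function bcrypt_hash(string $password, int $cost = 10): string
{
    $hash = crypt($password, bcrypt_salt($cost));
    // crypt() signals failure with a short marker string such as "*0",
    // not an exception; a valid bcrypt hash is always 60 characters.
    if (strlen($hash) !== 60) {
        throw new RuntimeException('crypt() did not produce a bcrypt hash');
    }
    return $hash;
}

function bcrypt_verify(string $password, string $stored): bool
{
    // The stored hash carries algorithm, cost and salt, so it doubles as the salt argument.
    $check = crypt($password, $stored);
    // hash_equals() compares in constant time, unlike the == shown in the message.
    return strlen($check) === 60 && hash_equals($stored, $check);
}

// Constructed sample input.
$hash = bcrypt_hash('correct horse battery staple');
var_dump(bcrypt_verify('correct horse battery staple', $hash));
var_dump(bcrypt_verify('wrong guess', $hash));
```

PHP 5.5 and later provide password_hash() and password_verify(), which perform these steps internally.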