Hi David,
On Mon, Jul 21, 2014 at 2:53 PM, David Muir <[email protected]> wrote:
> Prehashing with sha512 means it is no longer blowfish. It is now a
> non-vetted DIY algorithm. The whole point of password_hash is to avoid this
> type of thing, and should be clearly discouraged in the documentation.
>
I agree. It's far better if it could handle limitless password length.
The problem is "there is no way to achieve this with the current
implementation".
> It's a classic example of what not to do.
>
I agree here, too. We are better off having an algorithm that does not force
users/developers into certain passwords, and recommending "Just use it".
However, using multiple hashes for better security is a common technique.
An example is SSL. So I would not say one should not. Especially when there
is a limitation.
In the old days, crypt() could not be used securely. There are many
users/developers that are used to having a static salt. Code like below
disables authentication completely.
    password_hash(hash('sha512', SOME_SECRET_SALT).$password, PASSWORD_DEFAULT);
This should be prevented. (I would like to prevent it by raising an E_NOTICE
error)
If we would like to recommend "Just use it", we may consider adding SHA512
to password_hash().
Regards,
--
Yasuo Ohgaki
[email protected]
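
Added example, not part of the original message or of PHP's own source: why the prefixed call quoted in the message accepts any password, with a userland version of the notice the message proposes. bcrypt reads only the first 72 bytes of its input and hash('sha512', ...) returns 128 hex characters; the value of SOME_SECRET_SALT and the function names are assumptions made for this example.

```php
<?php
const BCRYPT_MAX_BYTES = 72;                        // bcrypt ignores input past this length
const SOME_SECRET_SALT = 'constructed-static-salt'; // constructed sample value

// The pattern from the message: the 128-character hex digest fills bcrypt's
// 72-byte window, so $password never reaches the hash function.
function prefixed_hash(string $password): string
{
    return password_hash(hash('sha512', SOME_SECRET_SALT) . $password, PASSWORD_BCRYPT);
}

function prefixed_verify(string $password, string $stored): bool
{
    return password_verify(hash('sha512', SOME_SECRET_SALT) . $password, $stored);
}

// Hypothetical wrapper: raise a notice whenever the input would be truncated.
function checked_password_hash(string $input): string
{
    if (strlen($input) > BCRYPT_MAX_BYTES) {
        trigger_error(
            sprintf('bcrypt input is %d bytes; bytes after %d are ignored',
                strlen($input), BCRYPT_MAX_BYTES),
            E_USER_NOTICE
        );
    }
    return password_hash($input, PASSWORD_BCRYPT);
}

// Compare verification of the enrolled password and of an unrelated one.
$stored = prefixed_hash('correct horse battery staple');
var_dump(prefixed_verify('correct horse battery staple', $stored));
var_dump(prefixed_verify('anything else', $stored));
var_dump(strlen(hash('sha512', SOME_SECRET_SALT)));

// Collect notices: one call passes an over-long input, the other a short one.
$notices = [];
set_error_handler(function (int $no, string $msg) use (&$notices): bool {
    $notices[] = $msg;
    return true;
}, E_USER_NOTICE);
checked_password_hash(hash('sha512', SOME_SECRET_SALT) . 'secret');
checked_password_hash('secret');
restore_error_handler();
var_dump($notices);
```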