How to use PHP s password hash to hash and verify passwords

Question

Recently I have been trying to implement my own security on a log in script I stumbled upon on the internet  After struggling of trying to learn how to make my own script to generate a salt for each user  I stumbled upon password hash    From what I understand  based off of the reading on this page   salt is already generated in the row when you use password hash  Is this true    Another question I had was  wouldn t it be smart to have 2 salts  One directly in the file and one in the DB  That way  if someone compromises your salt in the DB  you still have the one directly in the file  I read on here that storing salts is never a smart idea  but it always confused me what people meant by that

User · Answer

There is a distinct lack of discussion on backwards and forwards compatibility that is built in to PHP's password functions. Notably:

Backwards Compatibility: The password functions are essentially a well-written wrapper around crypt(), and are inherently backwards-compatible with crypt()-format hashes, even if they use obsolete and/or insecure hash algorithms.
Forwards Compatibilty: Inserting password_needs_rehash() and a bit of logic into your authentication workflow can keep you your hashes up to date with current and future algorithms with potentially zero future changes to the workflow. Note: Any string that does not match the specified algorithm will be flagged for needing a rehash, including non-crypt-compatible hashes.

Eg:

class FakeDB {
    public function __call($name, $args) {
        printf("%s::%s(%s)\n", __CLASS__, $name, json_encode($args));
        return $this;
    }
}

class MyAuth {
    protected $dbh;
    protected $fakeUsers = [
        // old crypt-md5 format
        1 => ['password' => '$1$AVbfJOzY$oIHHCHlD76Aw1xmjfTpm5.'],
        // old salted md5 format
        2 => ['password' => '3858f62230ac3c915f300c664312c63f', 'salt' => 'bar'],
        // current bcrypt format
        3 => ['password' => '$2y$10$3eUn9Rnf04DR.aj8R3WbHuBO9EdoceH9uKf6vMiD7tz766rMNOyTO']
    ];

    public function __construct($dbh) {
        $this->dbh = $dbh;
    }

    protected function getuser($id) {
        // just pretend these are coming from the DB
        return $this->fakeUsers[$id];
    }

    public function authUser($id, $password) {
        $userInfo = $this->getUser($id);

        // Do you have old, turbo-legacy, non-crypt hashes?
        if( strpos( $userInfo['password'], '$' ) !== 0 ) {
            printf("%s::legacy_hash\n", __METHOD__);
            $res = $userInfo['password'] === md5($password . $userInfo['salt']);
        } else {
            printf("%s::password_verify\n", __METHOD__);
            $res = password_verify($password, $userInfo['password']);
        }

        // once we've passed validation we can check if the hash needs updating.
        if( $res && password_needs_rehash($userInfo['password'], PASSWORD_DEFAULT) ) {
            printf("%s::rehash\n", __METHOD__);
            $stmt = $this->dbh->prepare('UPDATE users SET pass = ? WHERE user_id = ?');
            $stmt->execute([password_hash($password, PASSWORD_DEFAULT), $id]);
        }

        return $res;
    }
}

$auth = new MyAuth(new FakeDB());

for( $i=1; $i<=3; $i++) {
    var_dump($auth->authuser($i, 'foo'));
    echo PHP_EOL;
}

Output:

MyAuth::authUser::password_verify
MyAuth::authUser::rehash
FakeDB::prepare(["UPDATE users SET pass = ? WHERE user_id = ?"])
FakeDB::execute([["$2y$10$zNjPwqQX\/RxjHiwkeUEzwOpkucNw49yN4jjiRY70viZpAx5x69kv.",1]])
bool(true)

MyAuth::authUser::legacy_hash
MyAuth::authUser::rehash
FakeDB::prepare(["UPDATE users SET pass = ? WHERE user_id = ?"])
FakeDB::execute([["$2y$10$VRTu4pgIkGUvilTDRTXYeOQSEYqe2GjsPoWvDUeYdV2x\/\/StjZYHu",2]])
bool(true)

MyAuth::authUser::password_verify
bool(true)

As a final note, given that you can only re-hash a user's password on login you should consider "sunsetting" insecure legacy hashes to protect your users. By this I mean that after a certain grace period you remove all insecure [eg: bare MD5/SHA/otherwise weak] hashes and have your users rely on your application's password reset mechanisms.

User · Answer

Class Password full code   Class Password        public function   construct                       Hash the password using the specified algorithm                param string  password The password to hash         param int     algo     The algorithm to use  Defined by PASSWORD   constants          param array   options  The options for the algorithm to use                return string false The hashed password  or false on error              function password hash  password   algo  array  options   array              if   function exists  crypt                  trigger error  Crypt must be loaded for password hash to function   E USER WARNING               return null                    if   is string  password                 trigger error  password hash    Password must be a string   E USER WARNING               return null                    if   is int  algo                 trigger error  password hash   expects parameter 2 to be long      gettype  algo      given   E USER WARNING               return null                    switch   algo                case PASSWORD BCRYPT                      Note that this is a C constant  but not exposed to PHP  so we don t define it here                   cost   10                  if  isset  options  cost                            cost    options  cost                        if   cost  lt  4     cost  gt  31                            trigger error sprintf  password hash    Invalid bcrypt cost parameter specified   d    cost   E USER WARNING                           return null                                                             The length of salt to generate                  raw salt len   16                     The length required in the final serialization                  required salt len   22                   hash format   sprintf   2y  02d     cost                   break              default                   trigger error sprintf  password hash    Unknown password hashing algorithm   s    algo   E USER WARNING                   return null                    if  isset  options  salt                   switch  gettype  options  salt                       case  NULL                    case  boolean                    case  integer                    case  double                    case  string                         salt    string  options  salt                        break                  case  object                        if  method exists  options  salt       tostring                               salt    string  options  salt                            break                                        case  array                    case  resource                    default                       trigger error  password hash    Non-string salt parameter supplied   E USER WARNING                       return null                            if  strlen  salt   lt   required salt len                    trigger error sprintf  password hash    Provided salt is too short   d expecting  d   strlen  salt    required salt len   E USER WARNING                   return null                elseif  0    preg match     a-zA-Z0-9      D    salt                      salt   str replace           base64 encode  salt                            else                salt   str replace           base64 encode  this- gt generate entropy  required salt len                        salt   substr  salt  0   required salt len             hash    hash format    salt            ret   crypt  password   hash            if   is string  ret     strlen  ret   lt   13                return false                     return  ret                         Generates Entropy using the safest available method  falling back to less preferred methods depending on support                param int  bytes                return string Returns raw bytes             function generate entropy  bytes            buffer                buffer valid   false          if  function exists  mcrypt create iv    amp  amp   defined  PHALANGER                   buffer   mcrypt create iv  bytes  MCRYPT DEV URANDOM               if   buffer                     buffer valid   true                                  if    buffer valid  amp  amp  function exists  openssl random pseudo bytes                   buffer   openssl random pseudo bytes  bytes               if   buffer                     buffer valid   true                                  if    buffer valid  amp  amp  is readable   dev urandom                   f   fopen   dev urandom    r                 read   strlen  buffer               while   read  lt   bytes                     buffer    fread  f   bytes -  read                    read   strlen  buffer                             fclose  f               if   read  gt    bytes                     buffer valid   true                                  if    buffer valid    strlen  buffer   lt   bytes                 bl   strlen  buffer               for   i   0   i  lt   bytes   i                      if   i  lt   bl                         buffer  i     buffer  i    chr mt rand 0  255                      else                        buffer    chr mt rand 0  255                                                      return  buffer                        Get information about the password hash  Returns an array of the information        that was used to generate the password hash                array             algo    gt  1             algoName    gt   bcrypt              options    gt  array                 cost    gt  10                                       param string  hash The password hash to extract info from                return array The array of information about the hash              function password get info  hash             return   array  algo    gt  0   algoName    gt   unknown    options    gt  array               if  substr  hash  0  4       2y    amp  amp  strlen  hash     60                 return  algo     PASSWORD BCRYPT               return  algoName      bcrypt               list  cost    sscanf  hash    2y  d                  return  options    cost      cost                    return  return                        Determine if the password hash needs to be rehashed according to the options provided               If the answer is true  after validating the password using password verify  rehash it                 param string  hash    The hash to test         param int     algo    The algorithm used for new password hashes         param array   options The options array passed to password hash                return boolean True if the password needs to be rehashed              function password needs rehash  hash   algo  array  options   array               info   password get info  hash           if   info  algo       algo                return true                    switch   algo                case PASSWORD BCRYPT                    cost   isset  options  cost       options  cost     10                  if   cost     info  options    cost                          return true                                    break                    return false                        Verify a password against a hash using a timing attack resistant approach                param string  password The password to verify         param string  hash     The hash to verify against                return boolean If the password matches the hash             public function password verify  password   hash            if   function exists  crypt                  trigger error  Crypt must be loaded for password verify to function   E USER WARNING               return false                     ret   crypt  password   hash           if   is string  ret     strlen  ret     strlen  hash     strlen  ret   lt   13                return false                      status   0          for   i   0   i  lt  strlen  ret    i                   status     ord  ret  i     ord  hash  i                        return  status     0

User · Answer

Never use md5   for securing your password  even with salt  it is always dangerous   Make your password secured with latest hashing algorithms as below   lt  php     Your original Password  password    121 121      PASSWORD BCRYPT or PASSWORD DEFAULT use any in the 2nd parameter    PASSWORD BCRYPT always results 60 characters long string  PASSWORD DEFAULT capacity is beyond 60 characters     password encrypted   password hash  password  PASSWORD BCRYPT    For matching with database s encrypted password and user inputted password use the below function   lt  php   if  password verify  password inputted by user   password encrypted            Success      echo  Password Matches    else          Invalid credentials     echo  Password Mismatch      If you want to use your own salt  use your custom generated function for the same  just follow below  but I not recommend this as It is found deprecated in latest versions of PHP  Read about password hash   before using below code   lt  php   options          salt    gt  your custom function for salt           write your own code to generate a suitable  amp  secured salt      cost    gt  12    the default cost is 10      hash   password hash  your password  PASSWORD DEFAULT   options

User · Answer

Yes you understood it correctly  the function password hash   will generate a salt on its own  and includes it in the resulting hash-value  Storing the salt in the database is absolutely correct  it does its job even if known      Hash a new password for storing in the database     The function automatically generates a cryptographically safe salt   hashToStoreInDb   password hash   POST  password    PASSWORD DEFAULT       Check if the hash of the entered login password  matches the stored hash     The salt and the cost factor will be extracted from  existingHashFromDb   isPasswordCorrect   password verify   POST  password     existingHashFromDb     The second salt you mentioned  the one stored in a file   is actually a pepper or a server side key  If you add it before hashing  like the salt   then you add a pepper  There is a better way though  you could first calculate the hash  and afterwards encrypt  two-way  the hash with a server-side key  This gives you the possibility to change the key when necessary   In contrast to the salt  this key should be kept secret  People often mix it up and try to hide the salt  but it is better to let the salt do its job and add the secret with a key

User · Answer

I   ve built a function I use all the time for password validation and to create passwords  e g  to store them in a MySQL database  It uses a randomly generated salt which is way more secure than using a static salt   function secure password  user pwd   multi            secure password   string  user pwd  boolean string  multi             Description           This function verifies a password against a  database-  stored password s hash or         returns  hash for a given password if  multi is set to either true or false          Examples             To check a password against its hash         if secure password  user password   row  user password                   login function                          To create a password-hash          my password    uber sEcUrE pass            hash   secure password  my password  true           echo  hash         Set options for encryption and build unique random hash  crypt options     cost    gt  11   salt    gt  mcrypt create iv 22  MCRYPT DEV URANDOM     hash   password hash  user pwd  PASSWORD BCRYPT   crypt options       If  multi is not boolean check password and return validation state true false if  multi   true  amp  amp   multi   false        if  password verify  user pwd   table pwd    multi             return true     valid password       else           return false     invalid password          If  multi is boolean return  hash   else return  hash

User · Answer

Using password hash is the recommended way to store passwords  Don t separate them to DB and files  Let s say we have the following input   password     POST  password     You first hash the password by doing this   hashed password   password hash  password  PASSWORD DEFAULT    Then see the output  var dump  hashed password    As you can see it s hashed   I assume you did those steps   Now you store this hashed password in your database  ensuring your password column is large enough to hold the hashed value  at least 60 characters or longer   When a user asks to log them in  you check the password input with this hash value in the database  by doing this     Query the database for username and password         if password verify  password   hashed password            If the password inputs matched the hashed password in the database        Do something  you know    log them in         Else  Redirect them back to the login page   Official Reference

User · Answer

Yes  it s true  Why do you doubt the php faq on the function      The result of running password hash   has has four parts    the algorithm used parameters salt actual password hash   So as you can see  the hash is a part of it   Sure  you could have an additional salt for an added layer of security  but I honestly think that s overkill in a regular php application  The default bcrypt algorithm is good  and the optional blowfish one is arguably even better

[php] How to use PHP's password_hash to hash and verify passwords

Examples related to php

Examples related to salt

Examples related to password-hash

Examples related to php-password-hash