All geek questions in one place

How safe is it to use phpass between multiple servers?

With "portable_hash" enabled. I noticed that for some reason, the hashes that it generates are not always the same, but always return as valid when passed through "CheckPassword". I also noticed that "PHP_VERSION" is used in hash generation - these two things combined made me worried ... How portable is portable? Can I move hashes (stored in a user database) between servers, linux, windows, 64-bit, 32-bit, etc. - and still check them out? What do I need to do so that passwords are no longer verified?

The reason I ask is because I use phpass for passwords within my framework, which will involve several of my sites, many of which currently have several thousand users, and there have been times when I had to move them to different servers, and of course upgrade php. I can also disable one or two of Apache, say lighthttpd or something like that. Needless to say, I'm very paranoid. Someday I will have a support nightmare, and I can’t fix it in any other way than sending new passwords to everyone (which sounds very uncertain).

If there is even the slightest chance that passwords will ever be invalidated, what steps should I take to create my own password hash generator? I already use a 16-byte random salt (Per-user), and besides it, the only other problem is stretched - right?

+4
source share
2 answers

Depending on the version of PHP you do not need to have portable hashes. On PHP 5.3 and later, PHP ships its own bcrypt implementation if it is not available on the system. If all your servers have PHP 5.3 or higher, I highly recommend disabling portable hashes. PHPass "hashes of laptop computers" exists because, depending on the installed version of PHP, bcrypt may not be available.

However, PHPass portable hash files store salt in their hash. Therefore, each launch with the same password is different.

In addition, PHPass uses PHP_VERSION when generating these hashes * to check if the md5() function with this version $rawMode parameter. If this is not the case, pack() used to convert hexadecimal data to binary (note that this is significantly slower, but just uses $rawMode , so a branch is created).

Again, if all of your servers are running PHP 5.3 or later, I highly recommend disabling portable mode and using PHPass instead of bcrypt instead. Since PHP 5.3+ provides its own implementation when the system is unavailable, your hash will be checked in different OSs. Even if you disable portable mode, PHPass will still be smart enough to check your old hashes properly.

I was in the same situation as you, using PHPass in my structure on several sites. Since I turned off portable mode, I set my login script to gradually reuse passwords that do not use bcrypt at login.

* Line 131

EDIT:. For a more detailed explanation of how hashes are generated in portable mode (simplified, does not use the actual variables found in PHPass, but accurate). Note that PHPass uses its own base64 encoding version.

  • $final = '$P$'

  • $final .= encode64_int($rounds) (from the constructor, minimum 5 in PHP 5+, 3 others)

  • $final .= genSalt() (The salt is 6 bytes ... 8 bytes in the format "encode64").

  • $hash = md5($salt . $password)

  • For 2 $rounds times, do $hash = md5($hash . $password)

  • $final = encode64($hash)

So the final hash is essentially this:

 $P$9IQRaTwmfeRo7ud9Fh4E2PdI0S3r.L0 \__________/\____________________/ \ \ \ \ Actual Hash \ \ $P$ 9 IQRaTwmf \_/ \ \______/ \ \ \ \ \ \ Salt \ \ \ \ # Rounds (not decimal representation, 9 is actually 11) \ \ Hash Header
+8
source

The only thing I see in PHP_VERSION is on this line:

 $output .= $this->itoa64[min($this->iteration_count_log2 + ((PHP_VERSION >= '5') ? 5 : 3), 30)];

Now all this statement determines the maximum number of iterations. And this is in the gensalt_private method, which generates salts. Thus, this will only happen when saving a new password and creating a salt. Thus, all previously obtained salts are 100% tolerable. So there is no real portability problem with this at all ...

Otherwise, if you use the latest version of php (5.0+), you should have no problems with portability, as far as I can tell (since the hash function is built-in) ...

+1
source

Source: https://habr.com/ru/post/1336896/

More articles:


All Articles