All geek questions in one place

How to safely generate SSHA256 or SSHA512 hashes in PHP?

I am working on for mail servers (this is open source if you want to take a look).

To do this, I need to be able to generate a hashed password that is read by Dovecot . As described on their wiki , their recommended password hash scheme is SSHA256 (optional S for salting).

It also explains that it can be quite simple to implement using something like this PHP code:

$salt = 'generate_a_salt_somehow'; $hash = hash('sha256', $password . $salt);

However, from what I read about cryptography, this is rather a naive way to generate salted hashes, but if you do it wrong when typing AES in the source code , I figured that might be true in this case.

So, if you have an understanding of cryptography, I would like to hear about the safest way to do this, be it mcrypt, mhash or something else.

+6
source share
2 answers

The Dovecot wiki page you linked to explains what kind of hash format Dovecot uses. You have no choice in this matter - Dovecot has its own expectations regarding how the hash will look, so you should play by your own rules:

For most salt password schemes (SMD5, SSHA *), the salt is stored after the password hash, and its length can change. When hashing the password, add salt after the plaintext password, for example: SSHA256 (pass, salt) = SHA256 (pass + salt) + salt.

Thus, a suitable password generation function in PHP might look like this:

 $hash = "{SSHA256}" . base64_encode(hash('sha256', $password . $salt) . $salt);
+8
source

PHP password generation function:

 $hash = "{SSHA256}".base64_encode(hash('sha256', $password.$salt, true).$salt);

Necessarily "true" is the third parameter ...

+5
source

Source: https://habr.com/ru/post/892864/

More articles:


All Articles