I am seeking advice on how to securely store passwords in MySQL using PHP.
Overlooking the limitations of PHP itself, I want to know more about salting, hashing, and encrypting these bad boys.
Obviously people will continue to use weak passwords unless forced to do otherwise, but it’s how I am storing them that is important to me. My users’ passwords are far more important to me than the database itself, and as such I want to keep them in such a way that it will be painstaking and monotonous for any script kiddie trying to reverse them. Obviously with due diligence just about anything can be defeated, but I wouldn’t mind making this particularly bothersome.
There are two scenarios we are looking at.
- The kiddie has a complete copy of the database.
- The kiddie has a complete copy of the PHP used to craft the password, and the database.
Any and all advice on this topic is graciously appreciated.
Use bcrypt. If someone has the user table of your database, then they can use brute force/rainbow tables/etc to their heart’s content. Even with salt, if you’re using MD5 or some other fast-hashing algorithm (which aren’t designed to solve this problem, by the way), it’s just a matter of time before it can be cracked.
Any well-known and widely-supported hashing algorithm is going to have this same basic “flaw” (if you can call it that; it’s really by definition). The difference is that bcrypt is slow as molasses when performing the hashing operation, rendering a brute force attack much less effective.
For an absolutely great discussion on the merits of bcrypt, the dangers of other approaches, and the difficulty of password security in general, read this thread. It has lots of comments by many people that are much more knowledgeable about this sort of thing than I am, and it should hopefully help you understand more of the issues at stake.
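
The bcrypt approach recommended in the answer above, as an added example that is not part of the original answer or of any project's code. It uses PHP's built-in `password_hash()` API; the `users` table, its column names, the cost of 12 and the in-memory SQLite stand-in for MySQL are assumptions.

```php
<?php
// Added example. Assumed names: users table, its columns, cost 12.
const BCRYPT_OPTIONS = ['cost' => 12]; // raise until one hash takes roughly 100 ms on your server

function register_user(PDO $db, string $user, string $password): void
{
    // bcrypt ignores input past 72 bytes, so reject longer passwords instead of silently truncating.
    if (strlen($password) > 72) {
        throw new InvalidArgumentException('Password longer than 72 bytes');
    }
    // password_hash() draws a random salt per call and stores it, with the cost, inside the hash string.
    $hash = password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS);
    $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)')
       ->execute([$user, $hash]);
}

function verify_login(PDO $db, string $user, string $password): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    // password_verify() re-derives the hash from the stored salt and cost and compares in constant time.
    if ($hash === false || !password_verify($password, $hash)) {
        return false;
    }
    // If the cost was raised since this hash was stored, upgrade it while the plaintext is available.
    if (password_needs_rehash($hash, PASSWORD_BCRYPT, BCRYPT_OPTIONS)) {
        $new = password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS);
        $db->prepare('UPDATE users SET password_hash = ? WHERE username = ?')
           ->execute([$new, $user]);
    }
    return true;
}

// Constructed demo: in-memory SQLite stands in for MySQL so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username VARCHAR(64) PRIMARY KEY, password_hash VARCHAR(255) NOT NULL)');
register_user($db, 'alice', 'correct horse battery staple');
var_dump(verify_login($db, 'alice', 'correct horse battery staple'));
var_dump(verify_login($db, 'alice', 'wrong guess'));
```

Nothing in this code is secret, so both scenarios in the question reduce to the same thing: a holder of the table, with or without the PHP source, still pays the bcrypt cost for every guess against every user.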