password hashing: the right way

Password Hashing: The Right Way

Jeremy Kendall - Memphis PHPJanuary 28, 2014

Wednesday, January 29, 14

I love to code

I’m terribly forgetful

I love to code

I take pictures

I love to code

I take pictures

I work at OpenSky

I’m a Little Off My Game

What Qualifies Me To Talk About Security?

Not Much

Not MuchBut that will work in our favor ...

Cryptography is Hard

Cryptography is HardPro Tip: Leave it to the experts

The Wrong Way

class SecurityFail{ // Encrypt Passwords for Highest Level of Security. static public function encrypt($pword) { return md5($pword); }

http://csiphp.com/blog/2012/02/16/encrypt-passwords-for-highest-level-of-security/

The Right Way

http://php.net/manual/en/ref.password.php

The Awesomer Way

Password Hashing Functions

Password Hashing FunctionsPro Tip: Use password_compat for PHP 5.3.7+

Pro Tip: Use phpass for PHP <= 5.3.6

password_hash

http://www.php.net/manual/en/function.password-hash.php

password_hash

‣ Creates a new password hash

password_hash

‣ Strong, one-way hashing algorithm

password_hash

‣ PASSWORD_DEFAULT or PASSWORD_BCRYPT

password_hash

‣ PASSWORD_DEFAULT or PASSWORD_BCRYPT

‣ Optional cost and salt

password_hash

‣ Always use PASSWORD_DEFAULT

password_hash

‣ Your DB’s password field should be varchar(255)

password_hash

‣ Do not use your own salt

password_hash

‣ Do not use your own salt

‣ Check for an appropriate cost using the example script in the manual

password_hash

$hash = password_hash('secret pass', PASSWORD_DEFAULT);

$options = array('cost' => 12);$hash = password_hash('secret pass', PASSWORD_DEFAULT, $options);

password_verify

‣ Verifies that a password matches a hash

password_verify

‣ Verifies that a password matches a hash

‣ Uh, yeah, that’s about it

password_verify

$valid = password_verify($_POST['pass'], $hashFromDb);

password_needs_rehash

‣ Checks password to see if it needs to be updated

‣ Uses both hash and cost to check current hash

$needsRehash = password_needs_rehash($hashFromDb, PASSWORD_DEFAULT);

$options = array('cost' => 12);$needsRehash = password_needs_rehash($hashFromDb, PASSWORD_DEFAULT, $options);

That’s Awesome and Secure

But Could It Be Awesomer, Securer, and Easier?

Password Validator

‣ Validates passwords against password_hash

Password Validator

‣Will rehash when needed

Password Validator

‣Will upgrade legacy passwords

Password Validator

‣ Requires PHP 5.3.7+

Password Validator

‣ Requires PHP 5.3.7+

‣ (No version for <=5.3.6 is in the works)

Password Validator

use JeremyKendall\Password\PasswordValidator;use JeremyKendall\Password\Result as ValidationResult;

$passwordHash = password_hash('password', PASSWORD_DEFAULT);

$validator = new PasswordValidator();$result = $validator->isValid('password', $passwordHash);

$valid = $result->isValid();$code = $result->getCode();

// $valid = true// $code = ValidationResult::SUCCESS

Password Validatoruse JeremyKendall\Password\PasswordValidator;use JeremyKendall\Password\Result as ValidationResult;

$options = array('cost' => 9);$passwordHash = password_hash('password', PASSWORD_DEFAULT, $options);

$validator = new PasswordValidator();$validator->setOptions($options);$result = $validator->isValid('password', $passwordHash);

$valid = $result->isValid();$code = $result->getCode();

// $valid = true// $code = ValidationResult::SUCCESS

Password Validatoruse JeremyKendall\Password\PasswordValidator;use JeremyKendall\Password\Result as ValidationResult;

$options = array('cost' => 9);$passwordHash = password_hash('password', PASSWORD_DEFAULT, $options);

$validator = new PasswordValidator();

// Remember, default cost is 10, so a cost 9 hash gets rehashed$result = $validator->isValid('password', $passwordHash);

$valid = $result->isValid();$code = $result->getCode();$hash = $result->getPassword();

// $valid = true// $code = ValidationResult::SUCCESS_PASSWORD_REHASHED// $hash = the new, rehashed password. Save it!

Fine, But We’re Not Using password_hash Yet ...

Decorator Pattern

http://en.wikipedia.org/wiki/Decorator_pattern

Decorator Pattern

‣Wrap an object

Decorator Pattern

‣Wrap an object

‣ Change its behavior

Decorator Pattern

‣Wrap an object

‣ Change its behavior

‣ Dynamically attach additional responsibilities

PasswordValidatorInterface

interface PasswordValidatorInterface{ public function isValid($password, $passwordHash, $identity = null);

public function rehash($password);

public function setOptions(array $options);

public function getOptions();}

Upgrade Decorator

‣ Used when you’re not already using password_hash ...

Upgrade Decorator

‣ ... but you’re ready to do things the right way

Upgrade Decorator

‣ Accepts an instance of PasswordValidatorInterface ...

Upgrade Decorator

‣ Accepts an instance of PasswordValidatorInterface ...

‣ ... and a validation callback

Upgrade Decorator

// Somewhere in your authentication scriptif (hash('sha512', $password) === $passwordHash) { $valid = true;}

$valid = false;

Upgrade Decorator

// Same authentication check expressed as a callback$validationCallback = function ($password, $passwordHash) { if (hash('sha512', $password) === $passwordHash) { return true; }

return false;};

Upgrade Decorator

$validator = new UpgradeDecorator( new PasswordValidator(), $validationCallback);

$passwordHash = hash('sha512', 'password');$result = $validator->isValid('password', $passwordHash);

$valid = $result->isValid();$code = $result->getCode();$hash = $result->getPassword();

// $valid = true// $code = ValidationResult::SUCCESS_PASSWORD_REHASHED// $hash = the new, rehashed password. Save it!

Fine, But Now I Have to Test for SUCCESS_PASSWORD_REHASHED

Every Time

Storage Decorator

‣ Automatically stores all rehashed passwords

Storage Decorator

‣ Accepts two constructor args:

Storage Decorator

‣ Instance of PasswordValidatorInterface

Storage Decorator

‣ Instance of PasswordValidatorInterface

‣ Instance of StorageInterface

StorageInterface

interface StorageInterface{ /** * Updates user's password in persistent storage * * @param string $identity Unique user identifier * @param string $password New password hash */ public function updatePassword($identity, $password);}

UserDaouse JeremyKendall\Password\Storage\StorageInterface;

class UserDao implements StorageInterface{ protected $db;

public function __construct(\PDO $db) { $this->db = $db; }

public function updatePassword($identity, $newPasswordHash) { $sql = 'UPDATE users SET passwordHash = :passwordHash WHERE identity = :identity'; $stmt = $this->db->prepare($sql); $stmt->execute(array('passwordHash' => $newPasswordHash, 'identity' => $identity));

return $this->find($identity); }}

Storage Decorator

use JeremyKendall\Password\Decorator\StorageDecorator;

$validator = new StorageDecorator($upgradeDecorator, $userDao);

// Uses the optional third argument for PasswordValidatorInterface::isValid()$result = $validator->isValid('password', $passwordHash, 'arthur@arthurdent.com');

// Result is the same as any other validation attempt except ...// ... ValidationResult::SUCCESS_PASSWORD_REHASHED hashes are automatically persisted!

‣ Use the new PHP password hashing functions

‣ Use Password Validator to make it dead simple

‣ If you’re not at PHP 5.5, use password_compat

‣ If you’re not at PHP 5.3.7+, UPGRADE

‣ If you can’t upgrade, use OpenWall’s phpass

‣ DO NOT ROLL YOUR OWN

Resources

‣ PHP Password Hashing Functions: http://php.net/password

Resources

‣ Original password_hash RFC: https://wiki.php.net/rfc/password_hash

Resources

‣ Password Validator: https://github.com/jeremykendall/password-validator

Resources

‣ password_compat: https://github.com/ircmaxell/password_compat

Resources

‣ password_compat: https://github.com/ircmaxell/password_compat

‣ OpenWall phpass: http://www.openwall.com/phpass/

Thanks!

jeremy@jeremykendall.net

http://about.me/jeremykendall

@jeremykendall

http://365.jeremykendall.net

password hashing: the right way

wednesday

14 cryptography

work

love

january 29

Technology

hash-funktionen hashing mit verkettung offenes hashing...

asfws 2103 - rump session - the password hashing...

file organizations jan. 2008yangjun chen acs-39021 outline:...

hashing (tabela de dispersão). roteiro contextualização...

argon and argon2 -...

hashing part two: static perfect hashing

solar designer new developments in password hashing

10/17/2002cse 202 - hashing cse 202 - algorithms hashing...

lecture xi hashingyap/wiki/pm/uploads/algo/l11_base.pdf ·...

hashing - ibr.cs.tu-bs.de12.pdf · 4/33 hashing...

hashing, hashing tables chapter 8. class hierarchy

yescrypt – password hashing beyond bcrypt and scrypt

lyra2: passwordhashingscheme …€¦ · trade-offs entre...

disclosing password hashing policies

v 1.0 oe nik 2013 php+sql 5. password management (password...

improving usability through password-corrective hashing...

new static hashing schemes - github...

rig : a simple, secure and exible design for password...

using the right password - macmillan

the password that never...