V 1.0 OE NIK 2013
PHP+SQL5.
Password management (password hashing)Stateless HTTP, storage methodsLogin form
1
V 1.0 OE NIK 2013
PHP+SQL5.
Password management (password hashing)Stateless HTTP, storage methodsLogin form
2
V 1.0
Storing passwords• Probably the most sensitive data• Storing passwords in a cleartext form is not allowed! Any
website/program that is capable of sending forgotten passwords uses cleartext passwords!
• Aim: password authentication without storing the password itself
• Symmetric Encryption vs Assymetric Encryption not secure, the key have to be stored somewhere ...
• Instead: one-way transformation. If we store f(pw) instead of pw, and pw cannot be guessed from f(pw), then it is safe
• The user enters his password (pw2), which is correct, if f(pw)==f(pw2)
OE NIK 2013 3
V 1.0
Hashing functions• Aim: search an f(x) function that is
– Cannot be decrypted (one-way): it is not possible to find x from f(x)
– Finite output (typically 128-512 bit) : we want to store f(x) in a database, it cannot be infinite, even if x can take any possible values
– Theoretical aim: f(x)==f(y) x==y– Practical aim: the probability of a collision must be
the smallest possible (collision in case of x!=y, the outputs f(x)==f(y) are the same (infinite possible inputs, finite output – still, we want few collisions)
OE NIK 2013 4
V 1.0
Hashing functions• Practical examples
– MD5: 128bit, 1991-2004, theoretically insecure (since 1996), practically insecure (since 2004), very easy to crack (since 2005-2007, since 2009 only a few seconds are needed (time factor 220,96)
– SHA1: 160bit, exists since 1995, used since ~2000. Theoretically insecure (since 2005, 251), despite this, it is a very common hashing function
– SHA256/224, SHA512/384 (SHA2): since 2001, probably has the same mathematical weakness
– SHA3: Completely new algorithm (Keccak), since 2012.10.02., arbitrary output length (MD6?)
OE NIK 2013 5
V 1.0
Hashing functions in PHP• Default output: hexadecimal byte sequence• string hash ( string $algo , string $data [, bool
$raw_output = false ] )– Possibility to use multiple algorithms– Faster– Can't use salt
• string crypt ( string $str [, string $salt ] )– The main algorithms are here (SHA1, SHA2)– Since 5.3 PHP can use its own implementation – salt-compatible
OE NIK 2013 6
V 1.0
Hashing in PHP$password="almafa"; $salt="";for($i=1; $i<=16; $i++) $salt.=chr(rand(ord('A'), ord('Z')));$hash=crypt($password, '$5$rounds=5000$'.$salt.'$');
//$5$ = SHA256, $6$ = SHA512$result1=crypt("kortefa", $hash);$result2=crypt("almafa", $hash);echo "Password: {$password}<br>";echo "Salt: {$salt}<br>";echo "Hash: {$hash}<br>";echo "Result1: {$result1}<br>";echo "Result2: {$result2}<br>";
OE NIK 2013 7
V 1.0
Hashing in PHPPassword: almafaSalt: KPABPDIJFTCVFABUHash: $5$rounds=5000$KPABPDIJFTCVFABU$RWNvee2gQ0Vhi18lmZjw/.J3h1k12o2c/.JmUK1lEhDResult1: $5$rounds=5000$KPABPDIJFTCVFABU$2BUvHZFXlo3AP7ULueqRWKXgRwjOsiSPNc316YXOSn7Result2: $5$rounds=5000$KPABPDIJFTCVFABU$RWNvee2gQ0Vhi18lmZjw/.J3h1k12o2c/.JmUK1lEhD
OE NIK 2013 8
V 1.0
Hashing – this semester• Storing passwords in cleartext form is FORBIDDEN• Textual user database is enough• user|hash pairs, it is enough to use the basic sha1() e.g.
http://bit.ly/9vM3cA or simply echo sha1("password")• After this, read the file using file($path,
FILE_IGNORE_NEW_LINES) then explode("|", $row)
OE NIK 2013 9
V 1.0 OE NIK 2013
PHP+SQL5.
Password management (password hashing)Stateless HTTP, storage methodsLogin form
10
V 1.0 OE NIK 2013
11
STATELESS HTTP
V 1.0
COOKIES• Data storage in the browser: key, value, validity time,
validity domain• Setting values: from Javascript or PHP code
(in the latter case, it is sent in the HTTP response headers)
• Getting values: in every HTTP Request, the browser sends all valid cookies, these go into the $_COOKIE array
• NOT SECURE to store sensitive data, because anyone can see and mondify the data
• Typically: visitor tracking, feedback of javascript variables, advertisement data, „tracking cookie”
OE NIK 2013 12
V 1.0
COOKIES
OE NIK 2013 13
V 1.0
COOKIES
• setcookie(name, value, expire, path, domain); • setcookie("user", "Alex Porter", time()+3600);• echo $_COOKIE["user"];
print_r($_COOKIE);• setcookie("user", "", time()-3600);• http://www.w3schools.com/php/
php_cookies.asp
• ALTERNATIVE: HTML5 local storage
14OE NIK 2013
V 1.0
SESSION variables• Data storage on the server: key, value• Initializing a session: session_start()• Session identification: SID (Session ID), the browser
sends it with every HTTP Request ($_COOKIE or $_GET)• Accessing values: The browser sends the SID, the
session_start() loads the data associated with the given SID into the $_SESSION array
• The client only stores the SID, the associated data are on the server more secure
• Session hijacking?
OE NIK 2013 15
V 1.0
SESSION variables
16OE NIK 2013
V 1.0
SESSIONS• session_start();
• if (isset($_SESSION['views']))$_SESSION['views']=$_SESSION['views']+1;
else$_SESSION['views']=1;
echo "Views=". $_SESSION['views'];
• unset($_SESSION['views']);session_destroy();setcookie(session_name(), '', time() – 86400);
• http://www.w3schools.com/php/php_sessions.asp
17OE NIK 2013
V 1.0
SESSION HIJACKING
$sesskey =$_SERVER['HTTP_USER_AGENT'];$sesskey.=$_SERVER['REMOTE_ADDR'];$sesskey.='HELLOBELLO';$sesskey=sha1($sesskey);
if(isset($_SESSION['sesskey'])) {if ($_SESSION['sesskey']!=$sesskey) {
die("NOT ALLOWED");}
} else {$_SESSION['sesskey']=$sesskey;
}
18OE NIK 2013
V 1.0 OE NIK 2013
PHP+SQL5.
Password management (password hashing)Stateless HTTP, storage methodsLogin form
19
V 1.0 OE NIK 2013
20
Login form
• Create a users.txt file with user|hash pairs(sha1, we'll create a php script, but we could use http://bit.ly/9vM3cA too (no line breaks!) )
• Create the login.html form: username and password + submit button
• Create the index.php script: it displays the login form, if the user is not logged in, otherwise it displays the contents of a textfile diary.txt and a logout link at the bottom
• The logged-in users must be able to edit the textfile
V 1.0
$_GET['action']LOGIN
ANYTHING ELSE
LOGIN FORM ORLOGOUT LINK
DESTROY SESSION
LOGOUT
USER INPUT? YES
NO
ERROR(echo)
Check USER/PASS(+ set $_SESSION)
REDIRECT USER(header + exit)
INDEX.PHP
REDIRECT USER(header + exit)
21OE NIK 2013
V 1.0
$_SESSION['user']SET NOT SET
LOGIN FORM
LOGIN FORM OR LOGOUT LINK?
TEXT + LOGOUT LINK
22OE NIK 2013
We have to add extra actions for text editing
...
V 1.0 OE NIK 2013
LET'S CODE!
23
V 1.0 OE NIK 2013 24
25OE NIK 2013
