Sha1 VS Md5 VS Sha256: Which to Use For a PHP Login

SHA1 vs md5 vs SHA256: which to use for a PHP login?

Neither. You should use bcrypt. The hashes you mention are all optimized to be quick and easy on hardware, and so cracking them share the same qualities. If you have no other choice, at least be sure to use a long salt and re-hash multiple times.

Using bcrypt in PHP 5.5+

PHP 5.5 offers new functions for password hashing. This is the recommend approach for password storage in modern web applications.

// Creating a hash
$hash = password_hash($password, PASSWORD_DEFAULT, ['cost' => 12]);
// If you omit the ['cost' => 12] part, it will default to 10

// Verifying the password against the stored hash
if (password_verify($password, $hash)) {
// Success! Log the user in here.
}

If you're using an older version of PHP you really should upgrade, but until you do you can use password_compat to expose this API.

Also, please let password_hash() generate the salt for you. It uses a CSPRNG.

Two caveats of bcrypt

  1. Bcrypt will silently truncate any password longer than 72 characters.
  2. Bcrypt will truncate after any NUL characters.

(Proof of Concept for both caveats here.)

You might be tempted to resolve the first caveat by pre-hashing your passwords before running them through bcrypt, but doing so can cause your application to run headfirst into the second.

Instead of writing your own scheme, use an existing library written and/or evaluated by security experts.

  • Zend\Crypt (part of Zend Framework) offers BcryptSha
  • PasswordLock is similar to BcryptSha but it also encrypts the bcrypt hashes with an authenticated encryption library.

TL;DR - Use bcrypt.

What is better? Password_hash vs. SHA256 vs. SHA1 vs. md5

You should absolutely use the password_hash() function without providing your own salt:

$hash = password_hash($password, PASSWORD_DEFAULT);

The function will generate a safe salt on its own. The other algorithms are ways too fast to hash passwords and therefore can be brute-forced too easily (about 8 Giga MD5 per second).

Hashing passwords with MD5, SHA1 and MD5 over SHA1

Neither of these should be used for password hashing they have been proven to be insecure:

MD5 from Wikipedia:
The security of the MD5 has been severely compromised, with its weaknesses having been exploited in the field, most infamously by the Flame malware in 2012. The CMU Software Engineering Institute considers MD5 essentially "cryptographically broken and unsuitable for further use".

SHA1 from Wikipedia:

SHA-1 is no longer considered secure against well-funded opponents. In 2005, cryptanalysts found attacks on SHA-1 suggesting that the algorithm might not be secure enough for ongoing use,[3] and since 2010 many organizations have recommended its replacement by SHA-2 or SHA-3.[4][5][6] Microsoft,[7] Google[8] and Mozilla[9][10][11] have all announced that their respective browsers will stop accepting SHA-1 SSL certificates by 2017.

Much more secure hashing algorithms exist such as SHA-2 or 3 which should be considered.

Is it safe to use sha1(md5($password)) and does it make any difference?

Using multiple hash is bad practice, you should always use the password_hash php function to hash your passwords :)

See http://php.net/manual/en/function.password-hash.php

PHP - MD5, SHA, Hashing security

First off md5 and sha1 have been proven to be vunrable to collision attacks and can be rainbow
tabled easily (When they see if you hash is the same in their database of common passwords).

There are currently two things that are secure enough for passwords, that you can use.

The first being sha512. sha512 is a sub-version of SHA2. SHA2 has not yet been proven to be
vunrable to collision attacks and sha512 will generate a 512 bit hash. Here is an example of
how to use sha512:

<?php
hash('sha512',$password);

The other option is called bcrypt. bcrypt is famous for its secure hashes. Its
probably the most secure one out there and most customizable one too.

Before you want to start using bcrypt you need to check if your sever has it enabled, Enter
this code:

<?php
if (defined("CRYPT_BLOWFISH") && CRYPT_BLOWFISH) {
echo "CRYPT_BLOWFISH is enabled!";
}else {
echo "CRYPT_BLOWFISH is not available";
}

If it returns that it is enabled then the next step is easy, All you need to do to bcrypt a
password is (Note for more customizability you need to see this How do you use bcrypt for hashing passwords in PHP?):

crypt($password, $salt);

Now to answer your second question. A salt is usally a random string that you add at the end of
all you passwords when you hash them. Using a salt means if some one gets your database
they can not check the hashes for common passwords. Checking the database is called using a rainbow table. You should always use a salt when hashing!!

Here are my proofs for the SHA1 and MD5 collision attack vulnerabilities:

http://www.schneier.com/blog/archives/2012/10/when_will_we_se.html, http://eprint.iacr.org/2010/413.pdf, http://people.csail.mit.edu/yiqun/SHA1AttackProceedingVersion.pdf, http://conf.isi.qut.edu.au/auscert/proceedings/2006/gauravaram06collision.pdf and Understanding sha-1 collision weakness

What’s the difference between md5(), crc32() and sha1() crypto on PHP?

They each implement a different cryptographic hash function, and each hash function does generate a different sized hash. The main difference between the three functions you've shown here is that sha1 and md5 are actually meant to be cryptographically secure. crc32 (crc stands for cyclic redundancy check) function is not a crypto function and is meant to generate a hash that will be used to check the integrity of a file (mostly to determine if it was corrupted during download).

Just a side note: Please don't use md5 or sha1 for any real crypto work (such as hashing passwords). These are both terribly broken (just ask evernote or any of the other companies burned by using this old algorithm). Instead use the php crypt() function and use the SHA-256 or SHA-512 (better than 256), or blowfish. And always salt your hashes...

which algorithm preferred for hashing passwords C#?

MD5:

In 1996, a flaw was found with the design of MD5, and while it was
not a clearly fatal weakness, cryptographers began recommending the
use of other algorithms, such as SHA-1—which has since been found to
be vulnerable as well.

SHA1:

In 2005, cryptanalysts found attacks on SHA-1 suggesting that the
algorithm might not be secure enough for ongoing use

SHA2 which SHA256 is a type of does not have a known vulnerability as of the moment of writing.

Most efficient way to change the hash type of a password (md5 to sha1)

You can not convert md5 to sha but really your users only use password when they are about to login so you can modify your script a little to do the update automatically

// The user is not authticated yet
$auth = false;
$updated = false;

// From your Login form
$user = $_POST['user'];
$pass = $_POST['pass'];

// Check If the username has update password
$udated = false; // not update

// I gues you always do this
$password = $updated ? md5($pass) : sha1($pass);

// Do the autentication
// Slect from Database
// Check the data
// Set auth
$auth = true;

// Then chage the password
if ($auth == true && !$updated) {
$newpassword = sha1($pass);
// Connect to DB
// Update the Password
// Set Status to Updated in DB
$udated = true;
}

// Better Approch
if ($auth == true && !$updated) {
$newpassword = password_hash($password, PASSWORD_BCRYPT);
// Connect to DB
// Update the Password
// Set Status to Updated in DB
$updated = true;
}

I used password_hash has a better approach because it uses BCRYPT which is a better hash algorithm. See more information on password_compat

Is still valid password hashing using md5 or sha1?

Your thinking is correct, MD5 and SHA1 should never be used for password hashing. I would recommend the following, in order of preference:

  • argon2
  • bcrypt
  • scrypt
  • PBKDF2

If you tag your question with the language/framework you are using, I can recommend specific libraries or methods.

Also be aware that encryption is not the right word to use here. These are password hashing algorithms, not encryption algorithms.



Related Topics



Leave a reply



Submit