PHP: Better Password Encryption using Blowfish
This article explains how you can use Blowfish (a.k.a. bcrypt) hashing when storing passwords using PHP.
For details on why you should use Blowfish encryption instead of the standard crypt function you can read the links under References at the end of the article. It should already be clear that you never store passwords in the database as plain text.
The following examples assume that your PHP installation supports Blowfish encryption. You can test for this on your server using:
If not, you should really think about upgrading to PHP 5.4 or the latest official release.
Using crypt() to store and check passwords
The crypt function is extremely easy to use. You generate or take from user input a new password and call crypt to generate a hashed version for storing in a database:
Depending on your php version and configuration this will return a DES-based hash such as:
$1$j9fuc/za$JCN3NPoTGjHvsAo6x7yDl1
The output will be different each time, but that doesn’t matter because the ‘salt’ used to generate the hash is included at the start allowing it to be recreated.
You store this string ($password_hash) in the database alongside the username and other account details.
When the user tries to login you simply check whether the hash of the password they enter, using the database hash as a salt, re-creates (matches) the database hash:
The crypt function first identifies what flavour of encryption was used, extracts the salt, and uses that to generate a hash of the password the user input for comparison.
Change the hash type to Blowfish
The crypt function has a default hash type which in very old versions was DES, but now in most cases will be MD5. The beauty of the implementation is that it can recognise the hash type to use based on the format of the salt (found in the leading characters of the hash as described in the documentation).
To force crypt to use Blowfish hashing we need to pass a suitable salt when generating the database hash:
Blowfish hashing with a salt as follows: «$2a$», a two digit cost parameter, «$», and 22 digits from the alphabet «./0-9A-Za-z».
All we need to change then from the example above is to generate a suitable salt value.
Generating a random salt for Blowfish encryption
Here we have a simple function that creates a blowfish hash from the input value using a random salt made up of letters and numbers:
Security advisory from PHP.net — developers targeting only PHP 5.3.7 and later should use «$2y$» in preference to «$2a$». Full details.
The default for the rounds variable has been set to 7 here, but depending on your system you might want to use a higher value. As you increase this value the time taken to generate, test, or try to brute-force the hash will increase significantly.
To generate a hash for a new password we call this new function in place of crypt:
As computers get faster you will want to increase the cost (number of rounds), and for high security applications you can: increase the rounds; use a more random salt generator; or generate a hash using multiple hashing mechanisms in sequence.
The returned hash will now look something like this:
$2a$07$vY6x3F45HQSAiOs6N5wMuOwZQ7pUPoSUTBkU/DEF/YNQ2uOZflMIa
Make sure your database field is large enough. If the field size has been set to a fixed size for DES or MD5 then the Blowfish hashes will be truncated and unusable.
To test an entered password against the hash you can use exactly the same code as before, because the crypt function recognises that the password hash was generated using blowfish:
This approach will work even if your database contains a range of password types (DES, MD5, Blowfish, . ), which will be the case every time you change the algorithm used in your application.
Password encryption and verification in PHP 5.5
PHP 5.5 has a built-in function password_hash for generating password hashes, which as of now defaults to bcrypt (Blowfish), but that may change over time. You can also specify Blowfish explicitly.
Using this our better_crypt function can be replaced with:
This will automatically use the new $2y$ salt format for increased security.
If you’re feeling brave and don’t mind which algorithm is used, you can let PHP use it’s default settings (at time of writing, also bcrypt with a cost of 10):
For comparing the user entered password with the stored hash there is also a new function:
The password_verify function is designed to mitigate timing attacks and will work with other hash formats, not just Blowfish. It replaces the method above of having to apply crypt to the entered password ourselves for verification.
Putting it all together we have the following:
<?PHP $new_password = » «; $password_hash = better_crypt($new_password); // or password_hash($new_password, PASSWORD_DEFAULT); // => store in database ?> . <?PHP $password_entered = » «; $password_hash = » «; if(password_verify($password_entered, $password_hash)) < // password is correct > ?>
Remember that password_verify is only available in PHP 5.5 and higher. For earlier versions you need to use crypt and compare the strings yourself. Also the version of better_crypt where we generate the salt.
References
Related Articles — Encryption
PHP crypt() Function
The crypt() function encrypts a string using one-way encryption.
This function takes a string to encrypt and a salt. The salt parameter is optional. However, crypt() creates a weak hash without the salt. So make sure to specify a strong enough salt for better security.
This function encrypts a string using the standard Unix DES-based algorithm. But, alternative hashing algorithms such as MD5 or Blowfish may also be used depending on the operating system.
On operating systems where the crypt() function supports multiple hash types, the following constants are set to 0 or 1 depending on whether the given type is available:
- CRYPT_STD_DES – Standard DES-based hash with a two character salt from the alphabet «./0-9A-Za-z». Using invalid characters in the salt will cause this function to fail.
- CRYPT_EXT_DES – Extended DES-based hash with a nine character salt consisting of an underscore followed by 4 bytes of iteration count and 4 bytes of salt. These are encoded as printable characters, 6 bits per character, least significant character first. The values 0 to 63 are encoded as «./0-9A-Za-z». Using invalid characters in the salt will cause this function to fail.
- CRYPT_MD5 – MD5 hashing with a twelve character salt starting with $1$
- CRYPT_BLOWFISH – Blowfish hashing with a salt starting with $2a$, $2x$ or $2y$, a two digit cost parameter, $, and 22 characters from the alphabet «./0-9A-Za-z». Using characters outside of this range in the salt will cause crypt() to return a zero-length string. The cost parameter is the base-2 logarithm of the iteration count for the underlying Blowfish-based hashing algorithmeter and must be in range 04-31, values outside this range will cause this function to fail.
- CRYPT_SHA256 – SHA-256 hash with a sixteen character salt starting with $5$. If the salt string starts with «rounds=$», the numeric value of N is used to indicate how many times the hashing loop should be executed, much like the cost parameter on Blowfish. The default number of rounds is 5000, there is a minimum of 1000 and a maximum of 999,999,999. Any selection of N outside this range will be truncated to the nearest limit.
- CRYPT_SHA512 – SHA-512 hash with a sixteen character salt starting with $6$. If the salt string starts with «rounds=$», the numeric value of N is used to indicate how many times the hashing loop should be executed, much like the cost parameter on Blowfish. The default number of rounds is 5000, there is a minimum of 1000 and a maximum of 999,999,999. Any selection of N outside this range will be truncated to the nearest limit.
The following table summarizes the technical details of this function.
| Return Value: | Returns the hashed string or a string that is shorter than 13 characters and is guaranteed to differ from the salt on failure. |
|---|---|
| Version: | PHP 4+ |
Note: Data encrypted with the crypt() function cannot be decrypted. This function is generally used to encrypt a password that is saved for user’s authentication purposes. At the time of login the password entered by the user is encrypted and compared against the previously encrypted password to check whether they match or not.
Syntax
The basic syntax of the crypt() function is given with:
The following example shows the crypt() function in action.