0

I went through a PHP/JS tutorial on user registration with secure hashing (no salt though) using sha. What I didn't understand is why the hash was generated on the client. Also, I don't understand the hashing in general.

This is how I think it works:

  1. User creates an account and password and sends plain text to the server
  2. The server receives this "register" command with username and password
  3. The server does some magic stuff to the password

So, what is the "magic"? If the magic turns "myPass" into "abcd12345" how does the user login with "myPass" again?

Does the server run the exact same procedure that converted the password initially, to check if the login attempt password is valid?

Improve this question
7
  • 1
    It does exactly that. During registration, the password is saved to a database in the hashed form, be it hash('sha512', $password) or anything else, then when a user tries to log in, the password the user inserted is again hashed using the same procedure and compared with the value stored in the database. Commented Mar 27, 2016 at 20:47
  • 2
    The hash should not be generated at the client at all - sounds like a bad tutorial. The password should be sent via HTTPS and then salted/hashed and compared on the server Commented Mar 28, 2016 at 2:06
  • @HorusKol: Actually, it's not unreasonable to generate a hash on the client and then hash that has on the server. The benefit of this approach is that the server does not even temporarily knows the user's password. The downside is that it's trivial to turn this feature off without the user noticing, so it does not provide much additional protection. Also, a slow hash tends to be even slower on lower-end desktops and mobile devices. Commented Mar 28, 2016 at 14:17
  • @Brian - as long as the client hashed password is sent over a secure connection - otherwise some could intercept it, and then just post it whenever they want. Commented Mar 28, 2016 at 22:26
  • How can it be intercepted? Unless the client's browser is compromised, or it is a phishing scam, who could possibly intercept the POST data? Commented Mar 28, 2016 at 23:01

2 Answers 2

Reset to default
4

Hashing

A hashing function uses an algorithm that is created with several things in mind:

  • Any hash generated will have the same length (i.e. a SHA256 hash will always be 256 bits)
  • Using the same hashing algorithm with the same input will always give the same output
  • A tiny change in the original value to be hashed will have a huge impact on the hashed value
  • It is not possible to directly reverse a hash

By only storing the hashed version of a password, it is not possible to directly find the password that goes with it. That way, when the database with user data is stolen, the criminals will only have hashes, but not the actual passwords.

When a password is entered on the client, it is sent over a secure connection (ie. HTTPS). The server then performs the hash function and compares it with stored password hash. (If the hash is performed on the client is easy to resend that hash.) If they match, it is assumed that the correct password was entered (in theory a different password could have the same hash, but this unlikely to happen).

Which hashing function to use is a tradeoff between security and usability.

The amount of time needed to calculate one hash is of importance: you want a hashing function that can't be solved quickly, because then a brute-force attack becomes feasible, on the other hand you don't want your users to have to wait a minute while the server is checking their password.

Rainbow Tables

Why I say that they cannot be directly reversed is because it is possible to make a dictionary which has all possible passwords and the hashed values that belong to those passwords ("rainbow tables"). A rainbow table is specific to a particular hashing algorith (MD5, SHA-1, SHA-2, etc.)

There are various sites online with rainbow tables, for instance MD5cracker.org for MD5 hashes or crackstation.net for various hash functions.

Salt

A possible protection against rainbow tables is the use of salts. The idea is to add a number of extra bytes to the password to make it longer (this does not affect the length of the hash though, since it stays the same length, irregardless of what is being hashed).

A salt is generally added as follows (+ is concatination):
saltedhash(password) = hash(password + salt)
or
saltedhash(password) = hash(hash(password) + salt)

Salts are not meant to be kept secret, so they can be stored in the database with the password. To prevent the same passwords to appear as the same hash in the database, use a seperate, random salt for each password.

Improve this answer
3
  • Sha256 isn't suitable for hashing passwords, as it is much too fast. Commented Mar 28, 2016 at 15:10
  • 1
    Generally, I would recommend hash(password + salt) over hash(hash(password) + salt). Assuming hash uses key-strengthening (it should!), running hash(password + salt) with 2n rounds is more secure than running hash(hash(password) + salt) with n rounds, but has the same performance. That said, generally you won't be implementing either approach; that code will be included in your security framework (and no, you shouldn't write it yourself!). Commented Mar 28, 2016 at 17:30
  • I hope that using PHP's password_hash doesn't mean I'm writing it myself? Commented Mar 28, 2016 at 23:02
1

Yes, the server does essentially "run the exact same procedure that converted the password initially, to check if the login attempt password is valid", although initially a random salt should be used and on login the salt is retrieved from the store and used to hash the password submitted.

The question How to securely hash passwords has a good answer on security.stackexchange.com. The short version of the answer is use bcrypt, PBKDF2 or scrypt. The shorter version is use bcrypt, or in php 5.5 or later use password_hash()

Improve this answer
1
  • in php 5.5 or later use password_hash() This is exactly what I'm doing. I thought maybe it was too simple. Commented Mar 28, 2016 at 23:03

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.