Correctly using crypt() with SHA512 in PHP

7
votes

All the examples online show the use of crypt like this:

$pass = crypt('something','$6$rounds=5000$anexamplestringforsalt$');

But everyone says that you are not supposed to define the rounds or the salt.

So how should I use it?

Also I am having a problem: when I run the code above, it only runs 50 rounds instead of 5000 rounds as if the system is stopping it.

Any help will be greatly appreciated.

//- Solution -//

I have found some of these to be useful:

For generating Salt:

Here is a random way of generating salt

$randomString = random_bytes(32);

Base 64 encode to ensure that some characters will not cause problems for crypt

$salt = base64_encode($randomString);

For Hashing:

$hashed = crypt($passwordInput, '$6$'.$salt);

To Confirm:

if (crypt($passwordInput, $hashed) == $hashed) { 
  // Valid action
} else { 
  // Invalid action
}

** Special Thanks to @lathspell for help with arriving at above solution **

2
phppassword-encryptioncrypt
Out of interest: how are you determining how many rounds it actually does?deceze♦
Because the output shows: $6$rounds=50$ob0t0FFYzA4Az0FlWjjOaXzflUuCfQn8qKrA75JRgoiElmy35zLVF7u4558SxPXoNWSaUmLDKxPYDtpvuWIWs1ShadowZzz
Possibly a bug in some older versions? → 3v4l.org/BplEG Actually, according to the manual SHA-512 did not exist until 5.3.2...!?deceze♦
Ok @deceze 's suggestion that it may be a bug is correct, I checked my CP and turned out it jumped back to PHP 5.2. I'll have to figure out why later. Also, Is there an answer for the Main question? about how it should be displayed.ShadowZzz
I removed the code to generate a password with str_shuffle because it has max 32 bits of entropy and likely less (because str_shuffle is not cryptagraphically secure)Georg Schölly

2 Answers

5
votes

The main reason to run the algorithm for a certain amount of rounds is simply to slow it down to make brute forcing attacks uninteresting. For that 5000 iterations are enough even for modern hardware. You could as well use 100000 but then your server admin would probably want to have a word with you :-) rounds=5000 is the default for SHA-512. The minimum is 1000 and the maximum very high.

3
votes

Use OpenSSL for salt generation, it's even more random. And maybe 20000 rounds to future proof your code a bit.

function cryptPassword($password, $salt = "", $rounds = 20000)
{
    if ($salt == "")
    {
        // Generate random salt
        $salt = substr(bin2hex(openssl_random_pseudo_bytes(16)),0,16);
    }
    // $6$ specifies SHA512
    $hash = crypt($password, sprintf('$6$rounds=%d$%s$', $rounds, $salt));

    return $hash;
}