mcrypt is deprecated? - How to crypt and save a password correctly in PHP?

4
votes

I was told, that php mcrypt is deprecated and I should use a different method to hash and salt my passwords.

This is what I do currently:

public function saveNewUser(array $data) {
  $passwd = $this->mysqli->real_escape_string($datas['passwd']);
  $options = [
      'cost' => 11,
      'salt' => mcrypt_create_iv(22, MCRYPT_DEV_URANDOM)
  ];

  $hashed_passwd = password_hash($passwd, PASSWORD_BCRYPT, $options);
  $this->optin_hash = md5(rand());
  //...
  //save user in DB with hashed passwd

Login:

if (password_verify($_POST['user_password'], $result_row->gmw_usr_passwd)) {//do some login stuff}

1.) What is the latest and most secure way to crypt and save a password? Can you give an usage example or link how to save crypt a password correctly and how to verify it for login?

2.) In the php Documentary I read something about password_hash:

password_hash() creates a new password hash using a strong one-way hashing algorithm. password_hash() is compatible with crypt(). Therefore, password hashes created by crypt() can be used with password_hash().

(...)

Warning The salt option has been deprecated as of PHP 7.0.0. It is now preferred to simply use the salt that is generated by default.

2.a) Is password_hash an alternative to what I used?

2.b) So I don't need to add salt by myself?

2.c) What about that blowfish algorythm I used and all the other steps I added? Are they not neccesary anymore?

2.d) how do I verify the passwords for login, when I use password_hash?

EDIT: Sorry I saw that I already use password_hash (it was a very short coding-night).

As described by Artjom B. I don't need mcrypt (?)

1
phpsecurityhashcryptographypasswords
You don't need mcrypt to generate random bytes. The OpenSSL extension has a similar function. - Artjom B.
So I simply delete this option? I would use this instead: $options = [ 'cost' => 11 ]; - user7059778
Well, it depends on the requirements you have for the salt. If you really need a salt of a specific length that is different from the default, then you can't simply use the default, can you? Though, the default is perfectly fine and I see no reason not to use it. - Artjom B.
It is best to omit the salt parameter, the function password_hash() will generate a save one on its own. The salt created with mcrypt_create_iv()was not suited for BCrypt anyway. - martinstoeckli
1. Don't pass a salt. Just let password_hash() generate it. 2. In other places you need randomness, use random_bytes(). If you need your code to work on PHP 5 projects, grab a copy of github.com/paragonie/random_compat and call it a day. - Scott Arciszewski

1 Answers

6
votes

The new standard way, according to PHP documentation for PHP 7.0, is to use password_hash to hash the original password and then password_verify at login time, to verify the correctness of the provided password.

These function are wrappers around the fundamentals, like crypt() and are recommended because they take care of things that you and I will never think about, like choosing the correct source of randomness for generating the salt (you can't use a standard rand function for encryption).

Coming to 2b and the rest, you don't need to add the salt yourself because it generated by PHP and included in the password, and all the necessary steps are done for you.

You just need to save the hashed password, created with password_hash, on the database and then use it, at login time, to compare it with the user-supplied password using password_verify.

Also, yes mcrypt is deprecated, because it's not updated anymore.