Password security; Is this safe?
I asked a question yesterday about password safety...
I am new at security...
I am using a mysql db, and need to store users passwords there. I have been told开发者_如何学编程 in answers that hashing
and THEN saving the HASHED value of the password is the correct way of doing this.
So basically I want to verify with you guys this is correct now.
It is a classifieds website, and for each classified the user puts, he has to enter a password so that he/she can remove the classified using that password later on (when product is sold for example).
In a file called "put_ad.php
" I use the $_POST
method to fetch the pass from a form.
Then I hash it and put it into a mysql table.
Then whenever the users wants to delete the ad, I check the entered password by hashing it and comparing the hashed value of the entered passw against the hashed value in the mysql db, right?
BUT, what if I as an admin want to delete a classified, is there a method to "Unhash" the password easily?
sha1 is used currently btw.
some code is very much appreciated.
Thanks
If you are an admin and have written the code you don't need to know the original users password. As an admin you code in the right for you to do this.
This is the difference between user authentication and user authorisation
What you are doing is right, but no, SHA, MD5 and others are one way hashes only so you can't unhash them (well theoretically you could by e.g. brute force). Letting you as an admin delete things, too, should be part of your authorization management.
Yes, you got the first part right.
However, there is no way to unhash the password (easily). This is actually the whole point of storing the hashes instead of the real passwords.
You should simply consider putting some logic in your php application, such that when a user with admin rights is logged in, there would be no need to check for the password to delete an entry.
Read this : http://chargen.matasano.com/chargen/2007/9/7/enough-with-the-rainbow-tables-what-you-need-to-know-about-s.html then you can start using bcrypt to store your passwords.
Yes, you are storing the passwords correctly. But as Arkh suggests, bcrypt is a more secure encryption algorithm.
But the password is encrypted on the server, which means that it will be sent over the internet in clear text, unless you use SSL encryption of the connection. Anyone sniffing the line anywhere between you and the user can then in theory read the password. For your usage, that may be acceptable...
I would rather build an admin interface allowing the admin user to delete whatever classified he/she wants, eliminating the need for "unhashing" the password.
No, there is no way to "unhash" a password. Hashing is a one-way process and can not be reversed.
The only way to get a working password for a hash code is brute force; trying to hash different passwords until a match is found.
The easiest way for an admin to be able to log in to a classified is to store away the current hash code and create a new hash code from a temporary password. Afterwards he can just put the original hash code back, and the old password works.
Yes you are right, but a password of a user should not be readable anymore, not even by an administrator! So even unhash would be possible (it is not), it would be a clear no go, to decrypt it back to readable plain text!
Another issue is, that you should not just create a hash of the password, because this is not safe. The password could be found out by brute force, means that someone iterate thru the possible password and try to create the hash code he sniffed from the network etc. If he created the same hash, he found the password. But you can use a salted hash. Means that you add a salt (some additional strings which the attacker does not know) to the password and than hash it. e.g. you create a hash of "username-anytextonlyknownbyourapp-password" or something like that.
If the question is "How to unhash password" - answer is - there is no solution to decode hashed value, way one is to brute it(means to find original value by calculating hash and compare with base) but it very slow process. If password is "strong" it unsolvable task.
If the question is "How to manage passwords" - you don't need to use "unhash"
精彩评论