-
Notifications
You must be signed in to change notification settings - Fork 788
Which hashing & salting algorithm should be used ?
Gentlemen, as this has been a big topic, and there's still no real answer to this, I would like to introduce this wiki page. Feel free to post/change whatever you like, the goal is to find an answer to the question:
Which hashing & sorting algorithm should be used in the script ?
A little keynote: As this project gets more attention than i ever thought, there's some kind of responsibility NOT TO DELIVER insecure stuff.
According to the PHP's crypt() doc page CRYPT_BLOWFISH uses 22 char salt and generates a 60 char hash, and CRYPT_SHA512 uses a 16 char salt and generates a 118 char hash. Both algorithms have changeable cost factors (that allow to change to "intensity" of the hashing/salting function, useful when technology becomes stronger and servers/crackers have more power), so at first view, SHA512 looks stronger (because longer).
I have asked this on stackoverflow - but as usually - the question has been closed, because of "off topic". Yeah, sure. link
A similar question, with 90+ upvotes and answers with nearly 150 upvotes here, has also been closed due to "not constructive". Seriously, what the hell is wrong with those people ?
##TODO:##
-
make the (excellent) benchmarks, posted by LexLythius in the first stackoverflow link, again, reproduceable and publish the results.
-
contact several security experts and get statements on "which hash/salt algorithm should we use ?".
##Benchmark: All crypt() hash/salt algorithms##
All of those loops use "rasmuslerdorf" as the password. I'm not sure if it's fair to compare them like this, but we'll see. This benchmark has been made on a i3 2120 CPU with 8GB of 1066 RAM [might be important, as crypt relies quite much on RAM speed].
BLOWFISH: uses a cost factor from 04 to 31 (the two digit cost parameter is the base-2 logarithm of the iteration count for the underlying Blowfish-based hashing algorithmeter).
SHA256/SHA512: uses a cost factor in form of how many times the hashing loop will be executed. The default number of rounds is 5000, there is a minimum of 1000 and a maximum of 999,999,999.
| Runtime for 100 runs with CRYPT_STD_DES, which has a 2 character salt | 0.029006004333496 seconds |
| Runtime for 100 runs with CRYPT_EXT_DES, which has a 9 character salt | 0.062263965606689 seconds |
| Runtime for 100 runs with CRYPT_MD5, which has a 12 character salt | 0.27028179168701 seconds |
| Runtime for 100 runs with CRYPT_BLOWFISH with $2a [before PHP 5.3.7], which has a 22 character salt and standard cost factor of 7 | 1.8341250419617 seconds |
| Runtime for 100 runs with CRYPT_BLOWFISH with $2y [from PHP 5.3.7], which has a 22 character salt and standard cost factor of 7 | 1.8966331481934 seconds |
| Runtime for 100 runs with CRYPT_SHA256, which has a 16 character salt and standard cost round factor of 5000 | 0.97224402427673 seconds |
| Runtime for 100 runs with CRYPT_SHA512, which has a 16 character salt and standard cost round factor of 5000 | 1.3613569736481 seconds |
BLOWFISH wins (because it's the slowest). As this is just a comparison with the given standard parameters, this benchmark might be not accurate or even totally wrong.