Upgrade password hash from md5 to bcrypt

hash passwords md5 bcrypt
10,545

Surely it is a good idea to switch to a more secure hash algorithm. There is a function password_hash() you can use for creating a BCrypt hash:

// Hash a new password for storing in the database.
// The function automatically generates a cryptographically safe salt.
$hashToStoreInDb = password_hash($password, PASSWORD_DEFAULT);

// Check if the hash of the entered login password, matches the stored hash.
// The salt and the cost factor will be extracted from $existingHashFromDb.
$isPasswordCorrect = password_verify($password, $existingHashFromDb);

From your answer i guess that you used an unsalted MD5 value, so double hashing can be a good solution here. Just pass the MD5 hash to the password_hash() function, it will generate a safe salt on its own.

// Migrating the old MD5 hashes to MD5-BCrypt
$hashToStoreInDb = password_hash($existingMd5Hash, PASSWORD_DEFAULT);

For verification first check for a double hash, and then verify the password accordingly.

if (checkIfDoubleHash($existingHashFromDb))
{
  $isPasswordCorrect = password_verify(MD5($password), $existingHashFromDb);

  // Update database with pure BCrypt hash
  if ($isPasswordCorrect)
    $hashToStoreInDb = password_hash($password, PASSWORD_DEFAULT);
}
else
{
  $isPasswordCorrect = password_verify($password, $existingHashFromDb)
}

The stored hashes can be recognized by the leading $ or by a separate db field, a BCrypt hash for example always starts with a $ character, an MD5 hash does not.

A salt should not be derrived from other parameters and it should be unique per password. The password_hash() function will take care of this. Since a rainbowtable must be built fore each salt, an attacker would have to build a rainbowtable for each password. For more information you can have a look at my tutorial about secure password storing.

Share:
10,545
merlinbeard
Author by

merlinbeard

meh.

Updated on July 25, 2022

Comments

  • merlinbeard
    merlinbeard almost 2 years

    Its been discussed here before, but there seems to be no conclusion.

    Ideally, don't want to maintain state (upgraded/not upgraded) in the database etc. so, here is what I'm thinking:

    bcrypt the MD5'd password, and use "username + something else" as a salt.

    1. Does this scheme make any sense?
    2. Also, in general is it a good idea to use the username as a part of the salt? I read somewhere that adding a different salt to each hash makes it more secure. Is that correct (especially in context of bcrypt)?
  • merlinbeard
    merlinbeard over 9 years
    This is useful. Thank you!

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Why not use MD5 for password hashing?
PHP & MYSQL: using bcrypt hash and verifying password with database
What are Salt Rounds and how are Salts stored in Bcrypt?
encrypt and decrypt md5
How do I convert password hashing from MD5 to SHA?
Login to PostgreSQL using md5 encrypted password and not plaintext password
Produce MD5 or SHA1 hash code to long (64 bits)
Is the c++ hash function reasonably safe for passwords?
How to properly store a PBKDF2 password hash
MD5 hash of blob uploaded on Azure doesnt match with same file on local machine