CODEWITHSUNDEEP
phpjavascriptencryptionhashmd5
Ben Carey
Ben Carey

Reputation: 16958

Alternative to md5, also available in javascript

As php.net states here:

It is not recommended to use this function to secure passwords, due to the fast nature of this hashing algorithm.

I have used the md5 function since I started programming with PHP, but after researching, it is clear that md5 is discouraged and an alternative should be used.

I am aware of a possible alternative, sha1. Are there any others as well?

What are the benefits of these other ones, and sha1 (excluding higher security)?

And most importantly, can a sha1 hash or any of the other hashing algorithms be replicated in javascript?

I have an md5 plugin in javascript and it is key to some of my secure applications. Therefore, having a hashing algorithm that has a javascript plugin is absolutely essential.

Upvotes: 2

Views: 2825

Answers (2)

Giulio Muscarello
Giulio Muscarello

Reputation: 1342

Yes, there are many other hashing algorithms as well, much stronger than SHA1. Check SHA512, for example: it has 512 bits against, for example, 128 bits for MD5. Anyway, if you're looking for real safety, you should apply one of the following:

1) "Fixed salt": instead of md5($pass), you use:

$salt="NaCl";
$hash=md5($salt);

2) "Random salt": instead of md5($pass)', you generate a random salt (use the function rand($minValue, $maxValue)) with a great range (say rand(0, pow(10, 100)) and use md5($pass, $salt). Don't forget to store BOTH the hash and the salt!

3) Encryption: you use either a fixed or a random key (see the precedent method), and use it to encrypt the password. I'd really suggest the Blowfish algorithm. From the page on PHP.net:

<?php
    $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    $key = "This is a very secret key";
    $text = "Meet me at 11 o'clock behind the monument.";
    echo strlen($text) . "\n";

    $crypttext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_ECB, $iv);
    echo strlen($crypttext) . "\n";
?>

Implementing SHA512 in JavaScript (without the salt generation) (from the CryptoJS library):

<script src="http://crypto-js.googlecode.com/svn/tags/3.0.2/build/rollups/sha512.js"></s‌​cript>
<script> var hash = CryptoJS.SHA512("Message"); </script>

Implementing bcrypt in JavaScript: see this example.

Upvotes: 0

CodesInChaos
CodesInChaos

Reputation: 108800

SHA1 and MD5 have pretty much the same weakness: Their collision resistance is broken. So when MD5 is wrong, so is SHA1. Their output is also a bit short. If collision resistance is required, I recommend at least 256 bit hashes. More than 256 bits are rarely necessary.

For normal hashing applications SHA-256 (part of the SHA-2 family) is a good choice. While it's performance isn't too great, nobody has broken its collision resistance so far. You can also go with SHA-3-256, but the library support isn't that great yet.

For password hashing you need a specialized construction, such as scrypt, bcrypt or PBKDF2. Use a unique salt and a sufficient iteration count. Do not use a plain hash, they're too fast.

For MAC(Message Authentication) use a specialized construction, such as HMAC-SHA-256 and not plain SHA-256.

The upcoming WebCryptoAPI will contain functions for most of these operations.

Until it gets deployed, you can use crypto-js which offers both PBKDF2 and SHA-256.

But I'm a bit doubtful about your architecture. Hashing passwords in javascript is rarely the right choice. Standard procedure is using SSL/TLS and sending the plaintext password over it. You cannot achieve security with in browser javascript unless you use TLS.

Upvotes: 4

Related Questions