PHP 5.5 password_* functions re-hashing

https://stackoverflow.com/questions/22531123

18-06-2023
|

문제

I have setup my password hashing using PHP password_* functions

1) password_hash($password, PASSWORD_BCRYPT, array("cost" => 11);

2) return password_verify($password, $hashedPassword)? true : false;

Everything work fine.

I found also password_needs_rehash() function, which tak 2 params, $hashedPassword and algorithm, example:

password_needs_rehash($hashedPassword, PASSWORD_BCRYPT);

I understand to use this when it's changed algorithm or cost, something like:

    if (!password_verify($password, $hashedPassword)) {
        return false;
    }
    if (password_needs_rehash($hashedPassword, PASSWORD_BCRYPT)) {

        $hashedPassword = password_hash($password, PASSWORD_BCRYPT);
        // update user password in database with $hashedPassword

    }
    return true;

Everything it's clear, I have just a doubt.

I try change the cost, without calling password_needs_rehash() function, and I am able to login.

I try also change on my function which generate hash, I change algorithm from PASSWORD_BCRYPT to PASSWORD_DEFAULT.

I am always able to login.

Can someone explain how does it work?

If we don't re-hash when algorithm change, how PHP password_* handle this?

PS A small question into question... Using php function_* does it raccomanded to use "salt" for password or not?

Thanks!!

해결책

The algorithm used and its cost are embedded in the password hash. It's the first couple of letters:

$2y$10$abcdefg...123456789...
 |  |    |        |
 |  |    |        +- the password hash
 |  |    +- the salt
 |  +- the cost parameter
 +- the algorithm type

(Also see https://stackoverflow.com/a/16736254/476)

As such, when verifying the password, password_verify knows what algorithm to use.

The use of checking whether the password needs rehashing is to confirm whether the algorithm and cost factor embedded in the hash are still the same as the ones you would like to use. If they are not the same, you should rehash the password with the new configuration.

The typical use is that over time, you will increase the cost factor as hardware gets faster and can handle hashing with larger costs. That does not suddenly invalidate your old passwords, those will still be confirmed using the old settings embedded in the hash. However, since you happen to have the plaintext password at hand at the time of verification, you should use that opportunity to update the hash with the newer settings.

라이센스 : CC-BY-SA ~와 함께 속성

제휴하지 않습니다 StackOverflow