PHP password_hash (): public disposable salt vs private fixed salt
PHP reference for password_hash()
( http://php.net/manual/en/function.password-hash.php ):
The algorithm used, cost and salt are returned as part of the hash. Therefore, all the information needed to validate the hash is included in it.
My question is why?
I read this in another SO answer: ( Static Salt vs Random Salt - PHP Security )
Occasional salts have tremendous benefits. If all accounts on the system are using the same salt, an attacker could brute-force the hashes for that salt and break into all accounts with just one computational run.
I understand. However, it password_hash()
inserts the salt into the returned hash, which I believe makes it public, so the salt is known to the attacker for each password.
Wouldn't it have been better to have a long private salt?
One thing I could think of is that the hashes generated with the same salt will be identical for identical passwords and possibly allow an attacker to make progress by statistically analyzing the hashes in the database.
However, this could be mitigated by using a dictionary of private hashes instead of just one, which is no longer possible with password_hash()
in PHP 7.
I am not a security expert and I believe the PHP guys know what they are doing, so I would love to hear why the way password_hash()
is considered the right way.
source to share
I found this answer:
http://php.net/manual/en/function.password-hash.php#114410
if you thought, "Why is the salt included in the hash and it saves me when I store it as it is in my db?"
I found the answer: salt just has to be unique. It wasn't supposed to be a secret.
As mentioned in the notes and docs before: let password_hash () take care of the salt.
With a unique salt, you force the attacker to crack the hash. the hash is unique and cannot be found in rainbow tables.
source to share