Krillz.com

A coder’s steps revealed


I have decided to start a series of posts regarding authentication methods using PHP and MySQL.
In the articles I will be covering some basic examples and thoughts about how I think you should act and think security-wise, but also in general about producing good, understandable code.

In the first post I’ll be covering the most basic login, which is basically the standard PHP page that checks the input against the stored data in the MySQL database.
Nothing fancy or advanced, but I have to start from the beginning as not everyone knows this!

So let’s go through the details on how this should work.
We want to make some content only available for members; a nonmember shouldn’t have access to it. The page must therefore ask for login information and then determine whether the person is allowed to view the content inside or not.

All right then, so what we need so far is a PHP file containing the control code and a database holding the login data that the code checks against.

  1. secret.php
  2. database.sql

The other problem, which isn’t really considered an issue by some, is how the passwords are supposed to be stored.
Remember that we cannot store the passwords as plain text, as this would be plain stupid and not wise from a security point of view.

Choosing the right cipher isn’t as hard as you think. Here’s one way to think about it when aiming to apply good, strong encryption; to do so I’ll need to explain very briefly what kinds of encryption there are.
Nothing detailed, I don’t even believe that this counts as a valid explanation, but anyway I’ll be posting some posts on cryptography in the future so you’ll master the topic then.

So which different encryptions can we use? Well, we basically have two different types.
The two-way ciphers are encryptions that can be reversed, so data that has been encrypted can be decrypted to plain text again.
Then we have the one-way ciphers, which only go one way. This means that once something is encrypted there is no way to reverse the algorithm to get it back into plain text.

Now it’s the latter one which you should use if you want to program from a security point of view, as passwords encrypted in this way are a lot harder to crack than the decryptable ciphers, where cracking basically means reversing the algorithm and you’d have the password in plain view.
The only possible way of cracking these hashes would be to perform a brute-force or dictionary attack, but if good passwords are used this can be made much harder for the cracker trying to do so.
So remember to encourage your members to use strong passwords, preferably nothing that can be found in a dictionary, but instead a good mix of symbols, numbers and letters; give them an example of what a strong password looks like to ensure that they are doing so.

PHP offers a number of one-way hash functions that can be used for this purpose.

The Unix crypt algorithm, provided by the crypt() function, is the oldest and least secure type you could use.

Message Digest 5, known in short as MD5, is implemented in the function md5(), and is a stronger type that is available in most versions of PHP.

And last, the one which I’ll be using, whose only drawback is that it isn’t compatible with older PHP versions: the Secure Hash Algorithm (SHA-1).
PHP has the sha1() function, which provides a strong, one-way hash, and it’s this one I’ll be using and explaining in my example; unfortunately this hash is already cracked, so I wouldn’t trust it for a second, but I’ll use it in my demonstration.
Instead the new SHA-256 should be used until it too gets cracked; unfortunately there is no such function for PHP yet…

So the function looks like this:
string sha1 ( string str [, bool raw_output])

When you supply the function with the string str it will return a pseudo-random 40-character string; regardless of the input string’s length the output will always be a 40-character string, unless you set raw_output to true.
In that case you’ll get a 20-character string of binary data instead.

Let’s take a look at what the encryption looks like: the string test will result in a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

So what’s the point of using these kinds of ciphers? Well, the result is deterministic, which means that the encrypted string test will always result in the same hash.
In this way we can rule out any possible way for anyone but the password setter to know what that password is.
When later checking whether the supplied password is correct we simply have to encrypt it and check it against the already encrypted one in the database.
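The store-and-check scheme described above, as an added example that is not code from the original post. The table and column names (members, username, password_hash) and the use of hash_equals() (PHP 5.6 or later) are assumptions for illustration; the demonstration at the bottom runs against a constructed in-memory record rather than a live database.

```php
<?php
// Added example, not code from the original post. Table and column names
// (`members`, `username`, `password_hash`) are assumed for illustration.

// Storing: hash the chosen password once and keep only the 40-character hex digest.
function make_password_hash($password)
{
    return sha1($password);
}

// Checking: hash what the user typed and compare it with the stored digest.
function password_matches($supplied, $stored_hash)
{
    if ($stored_hash === null) {
        return false;                       // unknown user: nothing to compare against
    }
    // hash_equals() (PHP >= 5.6) compares in constant time, so the check takes
    // the same time whether or not the leading characters of the digest match.
    return hash_equals($stored_hash, sha1($supplied));
}

// Look up the stored digest for a username with a prepared statement, so the
// username travels as a bound parameter and is never spliced into the SQL text.
function fetch_stored_hash(mysqli $db, $username)
{
    $stmt = $db->prepare('SELECT password_hash FROM members WHERE username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch();
    $stmt->close();
    return $found ? $hash : null;
}

// Offline demonstration with a constructed member record instead of a database.
$members = array('alice' => make_password_hash('test'));

echo "Digest stored for 'test': ", $members['alice'], "\n";
echo "Raw digest length: ", strlen(sha1('test', true)), " bytes\n";

foreach (array('test', 'Test') as $attempt) {
    $ok = password_matches($attempt, $members['alice']);
    echo "Login for alice with '", $attempt, "': ", $ok ? 'accepted' : 'rejected', "\n";
}

$ok = password_matches('test', isset($members['bob']) ? $members['bob'] : null);
echo "Login for unknown user bob: ", $ok ? 'accepted' : 'rejected', "\n";
```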

Now that you know the dull facts behind what we are going to do and why we are doing it this way, it’s time for the actual coding.
But just seeing the amount of text this introduction has generated, I’ve decided that I’ll be posting that in the next article, which will be posted tomorrow.
Now let this information sink in and come by tomorrow for the rest.


One Response to “Authentication with PHP and MySQL - Part one”

  1. […] Authentication with PHP and MySQL - Part one […]

    Authentication with PHP and MySQL - Part two » Krillz.com