PHP Security Functions

Updating...

A complete guide to PHP hash and encryption functions

I'll answer these questions for each items:

• What is it?
• How to use it?
• When to use it?
• When not to use it?

MD5

What is it?

It is a one-way cryptographic function that accepts a message of any length as input and returns as output a fixed-length (128 bit) digest value to be used for authenticating the original message.

How to use it?

md5 ( string $str [, bool $raw_output = FALSE ] ) : string

If the optional $raw_output is set to true, the plain binary string of the hash will be returned. This is only useful if you need to store or transfer the hash in a binary format. 🔗

$str = 'I love you';

$hash = md5($str); // e4f58a805a6e1fd0f6bef58c86f9ceb3
$hash = md5($str, true); // ����Zn��������γ

When to use it?

For non-security cases, e.g. generating random string for file names.

When not to use it?

As php.net says, it is not recommended to use md5 to secure passwords:

Hashing algorithms such as MD5, SHA1 and SHA256 are designed to be very fast and efficient. With modern techniques and computer equipment, it has become trivial to "brute force" the output of these algorithms, in order to determine the original input.

Because of how quickly a modern computer can "reverse" these hashing algorithms, many security professionals strongly suggest against their use for password hashing.

SHA1

What is it?

It is a one-way cryptographic function that accepts a message of any length as input and returns as output a fixed-length (160 bit) digest value to be used for authenticating the original message. It is more secure but slower than MD5

How to use it?

sha1 ( string $str [, bool $raw_output = FALSE ] ) : string

The optional $raw_output is similar to MD5.

$str = 'I love you';

$hash = sha1($str); // ce48c9870c7ae19796438aed65458c8bdc335157
$hash = sha1($str, true); // �HɇzᗖC��eE���3QW

When to use it

For non-security cases, e.g. generating random string for file names.

Not all hash uses are security-related. Git uses SHA1 to cheaply distinguish between objects. In that case, because the possibility of collision between two documents is incredibly small with SHA1, there really is no justification for the additional space requirement of SHA512 when SHA1 is more than suitable for the task. 🔗 🔗

When not to use it?

Similar to MD5, it is not recommended to use SHA1 to secure passwords.

SHA2 Family

What is it?

SHA-2 (Secure Hash Algorithm 2) is a set of cryptographic hash functions. The SHA-2 family consists of six hash functions that are 224, 256, 384 or 512 bits:

SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256. 🔗

They are one-way cryptographic function that accept a message of any length as input and return as output a fixed-length digest value.

How to use it?

You can use them by php hash function:

 hash ( string $algorithm , string $data [, bool $raw_output = FALSE ] ) : string
     
 // $algorithm may be: sha224, sha256, sha384, sha512, sha512/224, sha512/256
 // or other $algorithms that exists in hash_algos() function

When to use it?

They are general purpose hash functions. They are good only for non-security cases, e.g. generating random string for file names.

When not to use it?

Similar to SHA1 and MD5, you should not use them for security cases such as hashing sensitive data.

General-purpose hashes have been obsolete for passwords for over a decade. The issue is that they're fast, and passwords have low entropy, meaning brute-force is very easy with any general-purpose hash. You need to use a function which is deliberately slow, like PBKDF2, bcrypt, or scrypt. 🔗

Bcrypt

What is it?

Bcrypt is a password hashing function. Bcrypt is an adaptive function: over time, the iteration count can be increased to make it slower, so it remains resistant to brute-force search attacks even with increasing computation power. 🔗

Alert: When using bcrypt you should be aware that it limits your maximum password length to 50-72 bytes.

How to use it?

$options = [
    'cost' => 12,
];

password_hash("password", PASSWORD_BCRYPT, $options);

This will always result in a hash using the $2y$ crypt format, which is always 60 characters wide. cost parameter is used here to define how many iteration over the password should be performed. Higher cost, higher security, higher execution time.

As php.net says:

It is strongly recommended that you do not generate your own salt for this function. It will create a secure salt automatically for you if you do not specify one. Providing the salt option in PHP 7.0 will generate a deprecation warning. Support for providing a salt manually may be removed in a future PHP release.

It is recommended that you test this function on your servers, and adjust the cost parameter so that execution of the function takes less than 100 milliseconds on interactive systems. See example #3 in the above link.

When to use it?

When security matters. When you would have uncrackable passwords.

When not to use it?

Bcrypt takes time and resources to generate (in comparison to MD5, SHA1, etc.). You can simply see the performance of generating Bcrypt vs SHA1 in a for loop. So if you would hash a string in which security doesn't matter, do not use Bcrypt. Use fast hashing algorithms.

Argon2

What is it?

Argon2 is a password-hashing function that can be used to hash passwords for credential storage, key derivation, or other applications.

Argon2 has three variants: Argon2i, Argon2d, and Argon2id.

Argon2d is faster and uses data-depending memory access, which makes it highly resistant against GPU cracking attacks and suitable for applications with no threats from side-channel timing attacks (eg. cryptocurrencies).

Argon2i uses data-independent memory access, which is preferred for password hashing and password-based key derivation, but it is slower as it makes more passes over the memory to protect from tradeoff attacks

Argon2id is a hybrid of Argon2i and Argon2d, using a combination of data-depending and data-independent memory accesses, which gives some of Argon2i's resistance to side-channel cache timing attacks and much of Argon2d's resistance to GPU cracking attacks. 🔗

How to use it?

$options = ['memory_cost' => 2048, 'time_cost' => 4, 'threads' => 3];

// PHP 7.2.0+
password_hash("password", PASSWORD_ARGON2I, $options); // $argon2i$v=19$m=2048,t=4,p=3$dVBCdG9qbTdkN3dvSnpIcw$wXTxsa/LKAJGwk3+ZWXgfEx66Vs4R0JAMm7i3PNJ2wg


// PHP 7.3.0+
password_hash("password", PASSWORD_ARGON2ID, $options); // $argon2id$v=19$m=2048,t=4,p=3$aERwOTFDY2lPNUJZRDBoYw$VI2gLlJLzQZD3r9tYGszvN6uj2PZVuUv6Ukp7gcJ+dw

• memory_cost - Maximum memory (in bytes) that may be used to compute the Argon2 hash (default 1024)
• time_cost - Maximum amount of time it may take to compute the Argon2 hash (default 2)
• threads - Number of threads to use for computing the Argon2 hash (default 2)

When to use it?

Argon2i uses data-independent memory access. It is slow because it makes more passes over the memory to protect from trade off attacks. It is highly recommended for password hashing and password-based key derivation.

When not to use it?

As I described in Bcrypt section, if you would hash something in which security doesn't matter, do not use Argon2. Use fast hashing algorithms instead.

Other functions coming soon ...

Resources:

https://stackoverflow.com/a/47602045/3578287

https://github.com/p-h-c/phc-winner-argon2

https://searchsecurity.techtarget.com/definition/MD5

http://php.net/manual/en/faq.passwords.php#faq.passwords.fasthash

https://stackoverflow.com/questions/2640566/why-use-sha1-for-hashing-secrets-when-sha-512-is-more-secure

https://en.wikipedia.org/wiki/SHA-2

https://www.mscharhag.com/software-development/bcrypt-maximum-password-length

https://security.stackexchange.com/questions/39849/does-bcrypt-have-a-maximum-password-length