
Salting and MySQL

Name: qallaf89 2012-10-03 19:06

Can someone provide me with an example of how to use encryption using Blowfish (or ADES) and salting for a user password in PHP using MySQL?

Also, I am new to crypto so any suggestion would be appreciated.

Name: Anonymous 2012-10-03 19:23

salting is just password = concat (password, salt)

Name: qallaf89 2012-10-03 19:47

@Anonymous, I thought that salting was hashing+some_string :S

*Blowfish (or AES)

Name: Anonymous 2012-10-03 22:31

>>1
Oy vey...  You don't ,,encrypt'' passwords, for encryption is a reversible process, which means that the schmuck that gains access to the database is likely to also be able to gain access to the encryption key, thus making the whole scheme useless.

What's the point of the whole password cryptography schmryptography anyway?  The point is that most people disregard sane advice and use the same password (or very slight variations thereof) on multiple sites.  If a hacker somehow gains access to your password database, they must not be able to see the passwords.  The way this is accomplished is using a one-way function, i.e. a function such that given its output, it's computationally infeasible to find a corresponding input.  Cryptographic hash functions work that way.  Now you still have a problem; what if the attacker precomputes a bunch of rainbow tables, then uses those to crack your users' passwords?  No worries, just use a salt, which is a short (2-4 bytes) random string that is appended (or prepended, selon vos préférences) to the password prior to hashing it.  But how do you check whether your user entered the password correctly?  Just retrieve the ,,password-salt'' and ,,password-hash'' columns in the user database, hash the password with salt ,,password-salt'', then compare it against ,,password-hash''.  See?  Now your dumb goy users can safely indulge their bad password habits.

Name: qallaf89 2012-10-04 0:37

Man, I was thinking about it way too differently, thanks!

So basically I would have to generate a salt for every password and do:
    $password = md5($salt.$password);

What if I do it like this:
    $password = "banana";
    $salt = sha1(md5($password));
    $password = md5($password.$salt);

Would that make it more secure?

And what do you think the minimum number of characters the user should enter? (for a new user registering in a website)

Name: qallaf89 2012-10-04 0:47

I think I am going to use this though: http://www.php.net/manual/en/function.crypt.php

Since the PHP site complains about md5() and sha1(): http://www.php.net/manual/en/faq.passwords.php#faq.passwords.fasthash

Name: Cudder !MhMRSATORI!fR8duoqGZdD/iE5 2012-10-04 3:51

>>6
Salted MD5 is just fine if not used as a dumb password-only hash.

Store MD5(PAD0+MD5(PAD1+username+PAD2+password+PAD3)+PAD4+password)

where PADx are randomly chosen, suitably long blocks of random binary data.

But if your password hashes are compromised, all bets are off anyway, so you should focus on that instead of anything else first.

Name: stop spreading cancer 2012-10-04 4:13

PEE AICH PEA!

Name: Anonymous 2012-10-04 5:43

>>7
Nice cargo cult you've got there.

Name: Cudder !MhMRSATORI!fR8duoqGZdD/iE5 2012-10-04 6:11

Name: Anonymous 2012-10-04 10:31

>>10
That's exactly why it's cargo cult programming. You don't understand why HMAC does what it does, so you're just going through the motions.
HMAC is not meant for password storage. For password storage, you need a slow hash. If you're using MD5 or SHA1, you're doing it wrong.

And you never roll your own crypto. If you want HMAC, use hash_hmac. That's what it's for.

The real answer to >>1's question is http://www.openwall.com/phpass/.

Name: qallaf89 2012-10-05 12:16

>>11

I have found this code that does more than just using cryptographic hash functions and salting: http://crackstation.net/hashing-security.htm#phpsourcecode

But it prepends the algorithm name and the number of iterations it does to the output. Is that considered secure?

Name: Anonymous 2012-10-05 12:33

>>4
Shalom!

Name: Anonymous 2012-10-05 13:33

>>13
Low IQ goy.

Name: Anonymous 2012-10-05 18:48

>>12
In itself it doesn't hurt, but the point of doing that is to accommodate changing hashing algorithms. If you have a good reason to change algorithms, you shouldn't keep using the old hashes anyway.
It's probably inspired by Unix passwd files, but that was a different use case and arguably just a historical wart.

Basically, it doesn't matter, but if you want it you're probably doing something wrong.

Name: Anonymous 2012-10-05 19:54

> If you have a good reason to change algorithms, you shouldn't keep using the old hashes anyway.

You don't see the problem with this logic?
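
Added example, not part of the thread: a PHP sketch of why a stored hash that names its own algorithm and cost (as crypt() output and the format asked about in >>12 do) is useful when the algorithm changes. Assumptions: the `$user` array stands in for a MySQL row, the `md5:<salt>:<digest>` legacy format and the cost of 12 are constructed for illustration, and PHP 7.1+ with the built-in password_hash() family is available.

```php
<?php
// Illustrative code written for this example; names and formats are hypothetical.

// Constructed legacy record: salted MD5 stored as "md5:<salt-hex>:<digest-hex>".
function legacy_md5_record(string $password): string {
    $salt = bin2hex(random_bytes(16));
    return 'md5:' . $salt . ':' . md5($salt . $password);
}

// Current policy: bcrypt. password_hash() generates the salt itself and
// returns one string that embeds algorithm, cost and salt.
const HASH_ALGO = PASSWORD_BCRYPT;
const HASH_OPTS = ['cost' => 12];

function verify_and_upgrade(array &$user, string $password): bool {
    $stored = $user['password_hash'];
    if (strncmp($stored, 'md5:', 4) === 0) {
        // Legacy format: the prefix is what tells us how to check it.
        [, $salt, $digest] = explode(':', $stored, 3);
        $ok = hash_equals($digest, md5($salt . $password));
        $stale = true;
    } else {
        $ok = password_verify($password, $stored);
        // True when the stored algorithm or cost differs from current policy.
        $stale = password_needs_rehash($stored, HASH_ALGO, HASH_OPTS);
    }
    // A one-way hash cannot be converted without the plaintext, so a
    // successful login is the only moment the record can be upgraded.
    if ($ok && $stale) {
        $user['password_hash'] = password_hash($password, HASH_ALGO, HASH_OPTS);
    }
    return $ok;
}

// Constructed sample row; in a real application this comes from the users table.
$user = ['name' => 'alice', 'password_hash' => legacy_md5_record('banana')];

var_dump(verify_and_upgrade($user, 'wrong'));   // failed login: record untouched
var_dump(verify_and_upgrade($user, 'banana'));  // checked as legacy MD5, then rehashed
echo $user['password_hash'], "\n";              // stored value is now a bcrypt string
var_dump(verify_and_upgrade($user, 'banana'));  // checked through password_verify()
```

Users who never log in again keep their old records, which is why the stored string has to say which scheme produced it.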
