Jump to content

crypt() is NOT an encryption function


sarciszewski

Recommended Posts

I've been fighting an uphill battle with new developers who don't understand the difference between hashing and encryption, and I believe correcting this w3schools article will help dramatically.

 

http://www.w3schools.com/php/func_string_crypt.asp

 

If we want this article to be accurate, every instance where this article refers to crypt() as an encryption feature needs to be rewritten to say "password hashing" (or simply hashing).

 

Despite its name, crypt() is ported from AT&T Unix v6's crypt(3) function, which was meant for one-way password hashing. See: https://www.freebsd.org/cgi/man.cgi?query=crypt%283%29

Edited by sarciszewski
Link to comment
Share on other sites

Nope. It's a one-way cryptography function, not a one-way encryption function.

 

Encryption is the art of rendering a message unreadable to everyone who does not possess a secret key. Encryption is, by definition, reversible. Hashing is, by definition, one-way.

 

Cryptography doesn't imply encryption, it can mean any of the following:

  • Encryption
    • Block Ciphers
    • Stream Ciphers
    • Elementary ciphers (substitution, transposition, etc.)

    [*]Authentication

    • Hash functions, HMAC, etc.
    • Password hashing functions
    • CMAC, Poly1305, GCM, etc.

    [*]Key Exchange

    • Diffie Hellman, Elliptic Curve Diffie Hellman

    [*]Digital Signatures

    • RSA, DSA, ECDSA, EdDSA

    [*]Public Key Infrastructure[*]Cryptographic Side Channels

    • Padding oracle attacks (RSA-PKCS1, etc.)
    • String comparison timing attacks
    • Cache-timing attacks
    • Fault-based side-channels

...and so much more.

 

There isn't a reputable cryptography engineer alive who would say that EdDSA is an encryption algorithm with a straight face. It's just as incorrect to say that a hash function is a form of encryption too.

Edited by sarciszewski
Link to comment
Share on other sites

You're right, I don't think anybody would refer to the algorithms used by crypt() as encryption algorithms. I'm quite sure nobody is using crypt() for encryption either, because if they did they'd find out pretty fast that they are not able to retrieve the information they just "encrypted".

 

I see you edited your post, at first I was quite confused as to why you signed up to the W3Schools forum just to tell the world that PHP's crypt() function is not for encryption, you would have access to a lot more people by writing a note on the PHP manual's crypt() page

 

On the W3Schools website, you can scroll to the bottom of the page and click on the "REPORT ERROR" link if you think the content of the page is incorrect.

Link to comment
Share on other sites

You're right, I don't think anybody would refer to the algorithms used by crypt() as encryption algorithms. I'm quite sure nobody is using crypt() for encryption either, because if they did they'd find out pretty fast that they are not able to retrieve the information they just "encrypted".

 

I see you edited your post, at first I was quite confused as to why you signed up to the W3Schools forum just to tell the world that PHP's crypt() function is not for encryption, you would have access to a lot more people by writing a note on the PHP manual's crypt() page

 

On the W3Schools website, you can scroll to the bottom of the page and click on the "REPORT ERROR" link if you think the content of the page is incorrect.

My edit pertained to the origins of crypt(3), my computer history isn't great ;)

 

From the PHP manual page:

 

crypt() will return a hashed string using the standard Unix DES-based algorithm or alternative algorithms that may be available on the system.

 

Their terminology is correct, actually. It's just w3schools that muddies the water between new developers and understanding this particular nuance of cryptography. Don't feel bad, though, I just spent the past few months cleaning up a lot of the PHP questions and answers on Stack Overflow.

 

My employer offers B2B technology consulting, but we also care very much about moving the needle towards other developers being secure by default, both in terms of their tools and frameworks but also in terms of the habits they adopt. Even if teaching other developers to write better and more secure code doesn't have a positive ROI for us.

 

A lot of programmers seem to learn from w3schools when they're first starting out. That's why I'm even bringing this up at all rather than letting sleeping dogs lie.

 

I hope these corrections are not taken as a sign of disrespect; few people have the knowledge or years of experience to understand the nuance of cryptology and, while I don't hold not understanding these details against anyone, I'm trying to make better knowledge more common.

Edited by sarciszewski
Link to comment
Share on other sites

I'm not part of the W3Schools staff, I just manage the forums, I have no responsibility or control over the website.

Understood. I've reported an error on the page and referenced this topic. I originally did not see this link (thank you for informing me about it), I will be sure to make use of it.

 

Do any of the W3Schools staff frequent the forums? Would posting here be a good way to engage both the community as well as the administration, or is there a better strategy I should pursue?

 

Maybe these aren't easy questions to answer, but any insight you have to offer as a moderator would be invaluable for plotting the course ahead.

Link to comment
Share on other sites

Encryption is, by definition, reversible. Hashing is, by definition, one-way.

This is true. Encryption implies decryption, if you can't decrypt then it's not encryption.

Do any of the W3Schools staff frequent the forums?

If they do, they don't post or anything. Kaijim has an account here though, I suppose you could send him a private message. For what it's worth, I was once contacted by the team lead for IE about changing some information prior to the release of a new version of IE (so that the information on the site would be accurate at the time of launch), and I sent private messages, emails, and even found the people on Facebook and sent messages through that. I didn't get a response, but hopefully they got the site updated. The people who run the site aren't very active with the community here.
Link to comment
Share on other sites

This is true. Encryption implies decryption, if you can't decrypt then it's not encryption.If they do, they don't post or anything. Kaijim has an account here though, I suppose you could send him a private message. For what it's worth, I was once contacted by the team lead for IE about changing some information prior to the release of a new version of IE (so that the information on the site would be accurate at the time of launch), and I sent private messages, emails, and even found the people on Facebook and sent messages through that. I didn't get a response, but hopefully they got the site updated. The people who run the site aren't very active with the community here.

This is disheartening. I wonder if the folks at w3fools would enjoy this infromation more (assuming they haven't already listed it as a grievance)?

 

At the very least, they'd probably act on it if I informed them of it.

Edited by sarciszewski
Link to comment
Share on other sites

I notice them updating their website frequently, so while they're not very communicative they do seem to listen to suggestions.

Interesting. On one hand, you say they seem to listen to suggestions.

 

But on balance, they generally ignore the community and so far have not addressed the inaccuracies I brought to their attention.

 

At this point I'm not sure if I would be wasting my time trying to improve their documentation.

Link to comment
Share on other sites

To be fair, your post is 4 days old and in the PHP forum.

 

I think the point Ingolme was trying to make is that for those posts made in the Suggestions forum (which is specially for making suggestions for the W3Schools.com site) the site maintainers tend to implement them, albeit while not actually making a post or comment to that affect.

Link to comment
Share on other sites

To be fair, your post is 4 days old and in the PHP forum.

 

I think the point Ingolme was trying to make is that for those posts made in the Suggestions forum (which is specially for making suggestions for the W3Schools.com site) the site maintainers tend to implement them, albeit while not actually making a post or comment to that affect.

I've also emailed them and used the form at the bottom of the page. There's no way they haven't been informed by now.

Link to comment
Share on other sites

Fair enough, so either they will or they won't at this point I suppose. You're post is very educational, so hopefully at least some of the forum members here will be able to make use of it.

  • Like 1
Link to comment
Share on other sites

  • 2 weeks later...

Fair enough, so either they will or they won't at this point I suppose. You're post is very educational, so hopefully at least some of the forum members here will be able to make use of it.

I'm not sure that's much comfort. Most people link to the w3schools website and not the forum, so I'd wager (heuristically) that more people read the misinformative PHP documentation than the forums where people point out inaccuracies that Refsnes Data ignores.

Link to comment
Share on other sites

Lol, i use Crypt() on my websites? However i use that one amongst with SHA1, MD5 and 4-5 different custom-made salt functions that will randomly throw the letters and numbers and signs around to make sure they are very well shaken and ready to be used as an password. Also known to be "Encrypted" ;).... still working on it tho, but working at the moment perfectly fine :)

Link to comment
Share on other sites

An encrypted message is one that can be decrypted, you can find that in the dictionary or encyclopedia.

 

I would not recommend SHA-1 or MD5 for password hashing. The execution time of those algorithms is too short.

Link to comment
Share on other sites

Lol, i use Crypt() on my websites? However i use that one amongst with SHA1, MD5 and 4-5 different custom-made salt functions that will randomly throw the letters and numbers and signs around to make sure they are very well shaken and ready to be used as an password. Also known to be "Encrypted" ;).... still working on it tho, but working at the moment perfectly fine :)

Using cypt() is at best suboptimal. You're better off using password_hash() and password_verify().

 

"However i use that one amongst with SHA1, MD5 and 4-5 different custom-made salt functions that will randomly throw the letters and numbers and signs around to make sure they are very well shaken and ready to be used as an password"

 

Have you never heard the words "don't roll your own crypto" before? This is a bad idea!

Link to comment
Share on other sites

Seriously, what's wrong with using password_hash? Do you know more about cryptography than the people who put together the password extension for PHP? Is password security really the thing that you want to go custom on?

Link to comment
Share on other sites

I dont know, i am using _hash and functions like that also. I am just adding "more" to the password line, you could call it a random shake of already very well protected and encrypted password makers. I am just rolling the dice so it is even more protected. Like i said, i dont use one, i use ALOT of different encryption methods, that is what i ment anyways in case you misinterpated what i said Oo? So it is not "all" custom made, just added a few things to some PHP encryption methods that was pre-added in the beginning ^^...

Link to comment
Share on other sites

Like i said, i dont use one, i use ALOT of different encryption methods, that is what i ment anyways in case you misinterpated what i said Oo?

This is partly a terminology problem. I doubt very much that you are using any encryption at all. You are using hashing. Like we've talked about in this thread, they are not the same thing. Passwords are almost never encrypted, they are hashed typically with a salt. If you cannot reverse it to get the original plain text then it is not encryption. Algorithms like MD5 and the SHA family are not encryption. They are part of cryptography in general, but they are not encryption, they are one-way hashing algorithms. If you talk about hashing but use the term encryption it marks you as someone who might not know what they're talking about, because people who know the difference don't use "encryption" and "hashing" interchangeably.As far as the password_hash function goes, it's not necessary to add anything extra, in fact adding additional hashing may break some of the features of password_hash (like automatically verifying and updating as necessary). There's a good writeup here that mentions some of the benefits:http://jeremykendall.net/2014/01/04/php-password-hashing-a-dead-simple-implementation/One of the benefits is the fact that you can define a cost. That means that you can specify that you want the server to use, for example, a quarter of a second to calculate the hash. In that case it will hash over and over using a secure salt as many times as it takes according to the cost. If your password hashes take .25 seconds to calculate then it increases the time required to brute-force a specific password (by a lot). Now instead of calculating hundreds or thousands of hashes per second, an attacker can only calculate 4, more or less depending on their hardware.This is why I'm telling you just to use password_hash, read about how it works if you want. The people who designed that did so after more than a decade of experience using PHP to store passwords, and the people who implemented it probably know more about practical cryptography than either you or I ever will. They brought in best practices (random salts, cost, etc) that have been worked out over years and years of storing passwords, not even just by PHP.
  • Like 1
Link to comment
Share on other sites

If it helps to shed some light on the different terms and concepts involved in cryptography, we did publish a blog post explaining this in detail.

 

https://paragonie.com/blog/2015/08/you-wouldnt-base64-a-password-cryptography-decoded

Link to comment
Share on other sites

  • 1 year later...

okay i know it's been a while, but thanks lol hehe, just seen this today "2 years from now", lol haha xD

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...