What should every web developer know about encryption?

views:

1018

answers:

+34 Q:

What should every web developer know about encryption?

I've just landed a PHP5 gig. I won't be handling the parts of the application that involve super sensitive data, but I still know embarrassingly little about security and encryption methods. I only know the very basics (don't store passwords in plaintext, don't allow users to run code using post data, etc). What do I need to know to keep my applications secure, and where can I learn it?

Edit: wonderful answers, everyone!

First you have to get familiarized with this php methods:

MD5
SHA1

Here you have all cryptography extensions in PHP.

Elzo Valugi 2009-08-03 19:02:27

md5 is as a good as broken nowadays, because of rainbow tables.

Macha 2009-08-03 19:22:05

That is a bit of overstatement. It's enough to add a salt and the rainbow table are useless.

Elzo Valugi 2009-08-03 20:29:17

MD5 collisions have been found. Nobody has yet demonstrated any SHA1 collisions.

David Plumpton 2009-08-03 22:33:50

@Macha if salts are not used all hashes are good as broken because of rainbow tables. The weakest link is usually not the hash but the implementation.

Hannson 2009-08-03 22:39:07

+4 A:

The short answer

You can never be too secure

Use Salted Password Hashing for increased security

The longer answer (still not complete, though)

Security is not something to be learnt by a quick tutorial on the web. It requires in-depth knowledge of not only what vulnerabilities exist, but WHY they exist and HOW they work. One of the biggest problems (especially in open source), is that new methods are added all the time, therefore we must understand security concepts and theory.

Read books, take classes, and test the vulnerabilities yourself on a local machine. Then you'll slowly begin to grasp the concept behind how to secure a web application.

Check Out the following to start you off

Sev 2009-08-03 19:04:37

+24 A:

Learn the difference between hashes and encryption. Encryptions are generally two-way interpretations of a string. I can encrypt my password, and then decrypt it to plaintext again. The idea behind hashes are that they become a one-way 'encryption.'

On my sites I store passwords as hashes. Anytime a user signs on, I re-hash their provided password, test it against the hash stored in the database and approve if they match. I cannot send them their password if they forget it, since (generally) there is no way for me to know.Two different strings can translate into the same hash, which makes it (generally) impossible to find out what the original string was.

This is one issue that is good to get a firm understanding of, and discern when to use encryption vs. hashes.

Jonathan Sampson 2009-08-03 19:06:47

Password hashing like this is only of limited value. Sure, you can't see the plain text password, but if the hash is always the same, you don't need it to compromise a system with a man in the middle attack.

Thorarin 2009-08-03 19:19:11

@Thorarin: Limited value? The technique of storing a hashed password and comparing it to a hash of the given password is common practice. SSL is there prevent an over-the-wire man in the middle or replay attack. Requiring everyone to carry an RSA (or equivalent) key fob around would be ideal, but it's not practical (yet). And if the user has malware on their computer, they are screwed either way, so let's not even go there.

William Brendel 2009-08-03 22:41:35

Hashing is next to useless without a salt; do a Google search for 'rainbow tables' to how unsalted hashes can be easily compromised.

Don Werve 2009-08-31 19:50:24

+6 A:

Where to learn about security: get Schneier's book Applied Cryptography.

zvrba 2009-08-03 19:07:22

+11 A:

That it can be broken no matter what you do.

Cyril Gupta 2009-08-03 19:10:24

+1 and the truth in most cases is that writing your own routines is a stupid move.

Fredrik 2009-08-03 19:14:23

+17 A:

Know not to write your own encryption functionality. An existing, trusted library is best way to go wherever possible. Avoid cool, bleeding edge technologies that lack many successful programmer-hours and user-hours behind them. Know not to trust the functionality you choose until you've thoroughly tested it yourself, first-person. Keep abreast of new developments which may antiquate your chosen functionality overnight. Know that just because you're using the best encryption technology available today that you've protected nothing if you leave the keys on the table (e.g., cleartext is not in a cache or stored in another table in the same database, private keys not left in the open)

Bob Kaufman 2009-08-03 19:11:53

+11 A:

Understand the difference between encrypting and hashing
Understand the reason for salts
Understand that HTTP is cleartext
Understand what HTTPS is
Understand that you will never (almost never) be able to create better hashing or encryption methods than what 3rd party libs and built-in libs already do

cwap 2009-08-03 19:13:42

+12 A:

That technology is not the weakest link in security.

Bill the Lizard 2009-08-03 19:27:05

You mean, like, Ms Palin's yahoo account?

Smandoli 2009-08-03 19:36:38

I disagree, I for example have now 4 passwords. I think if i have 1 password i would not need to write it down, but i can only type password wrong 3 times, so i cant just remember it and have to write it down.

01 2009-08-06 08:10:01

@01: This problem would be mitigated if more companies started using pass *phrases* instead of passwords. It's much easier to remember a phrase than a random string of characters, and much harder to look up a phrase in a dictionary. This **is** a technology shortcoming, and one that's exacerbating a human weakness.

Bill the Lizard 2009-08-06 11:53:47

+3 A:

Please pay attention to following points when you store passwords,

Hashed password is generally more secure because you don't have to keep a secret. However, it prevents you from using other hash-based scheme in your authentication flow. For example, you can't use HTTP Digest authentication with hashed password.
Simple hash is prone to rainbow table attak (http://en.wikipedia.org/wiki/Rainbow_table). Please add a non-reoccuring nonce to the hash or use the nonce as the key to HMAC. The nonce needs to be stored with the passwords. I prepend it to the digest.
If encryption is used, make sure a random Initial Vector is used so same password will be encrypted to different ciphertexts for different user. Otherwise, you are prone to pattern matching attack. MySQL has built-in encryption command. It doesn't inject IV so never use it for passwords.
Save key name/version with the ciphertext so keys can be rotated. Key-rotation is required for compliance with certain standards. Encryption without key information is impossible to decrypt when you are forced to change or rotate keys.

If you follow these advices, your passwords will be safe with any encryption/hash schemes.

2009-08-03 19:35:53

"Please add a non-reoccuring nonce to the hash" - You mean a salt?

Hannson 2009-08-03 22:35:35

Salt normally refers to add anything to the hash. Nonce is a kind of sort which can only be used once.

ZZ Coder 2009-08-04 20:54:11

Nonce?! That's a rather unfortunately named concept.

UpTheCreek 2009-10-17 18:35:22

+1 A:

Check out the Open Web Application Security Project. They have a lot of information on the current web app security issues and what you need to do to defend against them. OWASP is putting together a Development Guide that provides a lot of good information on web apps and web services development issues.

jkf 2009-08-03 22:29:48

+1 A:

Bob Somers 2009-08-03 22:46:16

ansaurus

tags:

views:

answers:

What should every web developer know about encryption?

related questions