Summary Notes on "Implementing Secure User Authentication in PHP Applications with Long-Term Persistence"
- Secure Authentication is hard
- MD5 and SHA1 are not secure password hashing algorithms due to collisions. A collision is when to different strings result in the same hash.
- Argon2, bcrypt, scrypt and PBKDF2 are acceptable hashing algorithms
- bcrypt > PBKDF2
- Use existing password_hash() and password_verify() API instead of writing their own crypt()-based implementation
- Use pashword_hash() instead of generating an own salt
- bcrypt has limitations in that it truncates to 72
- Use SHA-384 instead of SHA-256
- Peppers do not add any meaningful security above and beyond the salt that password_hash() generates for you
- Try to employ hardware separation, ideally different adminst have access
- Instead of pepper, encrypt hashes before inserting into DB
- asking for min length is ok
- enforcing a maximum password length is NOT ok
- asking for specific characters is NOT ok
- use Dropbox's zxcvbn library to provide feedback to users about the strength of their passwords
- Passwords must be at between 12 and 4,096 characters in length.
- Passwords can contain any characters (including Unicode).
- We strongly encourage the use of a password manager like KeePass or KeePassX to generate and store your passwords.
- Your zxcvbn password strength must be at least level 3 (on the 0-4 scale).