How to securely generate SSHA256 or SSHA512 hashes in PHP?

Question

I am working on a web administration module for mailservers (it's open source if you'd like to take a look).

For that, I need to be able to generate hashed password that is readable by Dovecot . As described on their wiki , their recommended password hashing scheme is SSHA256 (the extra S is for salted).

It's also explained that this could be reasonably simple to implement with something like this PHP code:

$salt = 'generate_a_salt_somehow';
$hash = hash('sha256', $password . $salt);

However, from what I've read about cryptography, that is a rather naíve way to generate salted hashes, but if you're doing it wrong when typing AES in your source code , I figured the same could be true in this case.

So if you have insight into cryptography, I'd love to hear about the most secure way to do this, be it mcrypt, mhash or whatever.

Answer 1

The Dovecot wiki page you linked to explains what the exact hash format Dovecot uses is. You don't have any choice in the matter -- Dovecot has its expectations on what the hash will look like, so you have to play by its rules:

For most of the salted password schemes (SMD5, SSHA*) the salt is stored after the password hash and its length can vary. When hashing the password, append the salt after the plaintext password, eg: SSHA256(pass, salt) = SHA256(pass + salt) + salt.

So an appropriate password generation function in PHP might look like:

$hash = "{SSHA256}" . base64_encode(hash('sha256', $password . $salt) . $salt);

Answer 2

Password generation function in PHP:

$hash = "{SSHA256}".base64_encode(hash('sha256', $password.$salt, true).$salt);

Necessarily "true" - the third parameter...