• Type: Language-Specification
    • Status: Active
    • Resolution: Unresolved
    • Labels:
    • Impact:
      Unknown 'null' severity
    • Likelihood:
      Unknown 'null' severity


      Hashing data is security-sensitive. It has led in the past to the following vulnerabilities:

      Cryptographic hash functions are used to uniquely identify information without storing their original form. When not done properly, an attacker can steal the original information by guessing it (ex: with a rainbow table), or replace the original data with another one having the same hash.

      This rule creates an issue when one of the following functions are called: hash, hash_init, crypt, password_hash, hash_pbkdf2, openssl_pbkdf2, md5, sha1

      Recommended Secure Coding Practices

      If the hashed data is sensitive, just use the functions officially recommended by PHP, i.e. password_hash, password_verify and password_needs_rehash.

      Alternatively you can use the crypt function or hash_pbkdf2 functions. Do not use the md5 or sha1 for sensitive values, and avoid hash and hash_init whenever possible.

      If you use hash_pbkdf2 or crypt choose a hashing algorithms which is known to be strong. Check regularly that this is still the case as hashing algorithms often lose strength over time.

      It is recommended to use a hashing function that generate salts automatically, but if you generate salts separately:

      • generate a cryptographically strong and random salt that is unique for every credential being hashed.
      • the salt is applied correctly before the hashing.
      • save both the salt and the hashed value in the relevant database record; during future validation operations, the salt and hash can then be retrieved from the database. The hash is recalculated with the stored salt and the value being validated, and the result compared to the stored hash.

      Note that password_hash generates strong salts automatically.

      Remember to rehash your data regularly as the hashing algorithms become less secure over time. The password_needs_rehash function helps you with that.


      HMAC computing is out of the scope of this rule. Thus no issue will be raised when the hash_init function is called with HASH_HMAC given as second parameter.




            • Assignee:
              nicolas.harraudeau Nicolas Harraudeau
            • Votes:
              0 Vote for this issue
              2 Start watching this issue


              • Created: