Hacker News new | past | comments | ask | show | jobs | submit login

So as a couple comments ask, what if you have to rotate the pepper? There's ways to do that, but sometimes people disengage their brains, and by making the whole scheme a little more complicated and a little more difficult to work with, you entice people to cheat. Like storing the plaintext password in a second column for "rehashing" purposes.



If you encrypt instead of peppering, you just decrypt then re-encrypt with a new key and call it a day.

Peppering has always meant, to me, doing something like this:

  // Hashing
  $preHash = base64_encode(
      hash_hmac('sha512', $password, $_ENV['pepper'], true)
  );
  $storedHash = password_hash($preHash, PASSWORD_DEFAULT);

  // Validation
  $preHash = base64_encode(
      hash_hmac('sha512', $password, $_ENV['pepper'], true)
  );
  if (password_verify($preHash, $storedHash)) {
      // You're in!
  }
To anyone reading this: Don't bother peppering.


Alternatively you could just encrypt the already encrypted data with the new key.


Wouldn't that require you to retain all compromised keys, and daisy chain the encryption operations?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: