I've been using PHPass to hash my passwords for a long time. I admit that there's still things I don't fully understand (or ignore) to hash a password properly so today I was reviewing all the info I could find about it.
Reviewing PHPass documents, I've steped into this:
Besides the actual hashing, phpass transparently generates random salts when a new password or passphrase is hashed, and it encodes the hash type, the salt, and the password stretching iteration count into the "hash encoding string" that it returns. When phpass authenticates a password or passphrase against a stored hash, it similarly transparently extracts and uses the hash type identifier, the salt, and the iteration count out of the "hash encoding string". Thus, you do not need to bother with salting and stretching on your own - phpass takes care of these for you.
I've bolded the sentence that bothered me.
I always though that the salt should be somewhat secret, in the sense that it should not be known to the attacker. So if a understood correctly, PHPass stores the salt used in the same hash so it is able to use it when comparing passwords and check if valid.
My questions are
- Is this secure? If the hash is compromised, the attacker has the salt used to hash the password... There's something I miss here.
- I'm here really free to bother about salting passwords? Can I really rely on PHPass?