I'm trying to create a two way encryption algorithm for my users passwords. I need it to be encrypted but without the pre set encrypt pass (what i set)(salt?) the original password cannot be decrypted
1
-
1Encrypted data can always be decrypted when using the same key. That’s the definition of encryption. I guess you rather mean cryptographic hashing.Gumbo– Gumbo2010-09-21 09:45:39 +00:00Commented Sep 21, 2010 at 9:45
Add a comment
|
4 Answers
3 Comments
Daniel
I'm going to be using this on multiple servers/sites running PHP. most do not have that extension installed. It'd be hard to update every server/site as well.
Daniel
I need something that built into php
Daniel
I'm simply looking for a couple of functions i can use to encode and decode a hash, i want a hash to be only decodable if the correct key was used (the one inputted when encoding)
It sounds like you want to use one-way, cryptographic hashing rather than two-way encryption. Here is a good example of best-practice password storage and validation:
To save it:
$userPasswordInput = $_POST['password'];
$salt = // ideally, generate one randomly and save it to the db, otherwise, use a constant saved to the php file
$password = sha1($userPasswordInput . $salt);
Save $password (and preferably $salt) to the db. When comparing, concatenate the salt and the user input, sha1 it (or whichever encryption), then compare it to the saved (encrypted + salted) password.
1 Comment
Daniel
I supose this would work for encryption but. I can't decrypt it and get the password back using the $salt ??
i did it this way:
create a $user + $password
$saltedHash = md5($salt.$password);
now you have an encrypted password($saltedHash) to save it to the db.
if somebody try to login, you do the same with the inputed password and compare it with the one in the db.
Comments
The easiest way (though very wasteful in terms of storage) is to generate a random string and XOR it to the password. (As someone already pointed out, this is called a key, not a salt.) This is called a one-time pad. As the name implies, you cannot reuse the same key for multiple passwords.
