• 0

Latest/Greatest way to encrypt with PHP



  • 0

Why are you encrypting passwords? Does it need to be reversible?

If you are storing the user's login details, try salting and hashing your passwords instead - SHA1


  • 0

More details would help I guess haha. It is an Admin username and password stored in a database. The admin has to enter the username and password when logging into the control panel. I want to save that password as securely as possible. I'm completely new to this and there are many options online, and I need some guidance.

Why are you encrypting passwords? Does it need to be reversible?

If you are storing the user's login details, try salting and hashing your passwords instead - SHA1

I will look into this! Thank you!


  • 0

Could someone post a good tutorial? It's confusing trying to pin down the information that I need. There are seriously so many options, and old posts. I really don't know what is the newest and safest thing to use!


  • 0

I'd use a pre-built solution that's been tested; the good ones will use something secure (HMAC-SHA256, bcrypt, etc.) and you won't have to worry about doing something wrong and accidentally opening a flaw into your system.


  • 0

Use crypt().


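[CODE]
// $salt must be in Blowfish format ("$2y$", a two-digit cost, "$", then 22 salt characters)
if (CRYPT_BLOWFISH == 1) {
    // Keep the return value: this is the hash to store
    $hashed_password = crypt($password, $salt);
}
[/CODE]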

It's one-way (as it should be), so you'll need to store the salt somewhere, preferably generating a random one for each user, then saving it in the database with the user's record. Then when the user logs in with a username and password, you can look up the user by username, then:

[CODE]
// Recompute the hash with the user's stored salt and compare in constant time
if (hash_equals($stored_password, crypt($entered_password, $stored_salt)))
{
    user_login();
}
[/CODE]

Note that in the documentation for crypt() they show how to check for various encryption methods if blowfish isn't available.

  • Like 2
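An added example (not code from any poster in this thread) of the crypt() Blowfish flow described in the answer above. It goes a little further than the post: it builds a correctly formatted "$2y$" salt, rejects crypt()'s failure return, and compares in constant time. The function names and the sample password are made up for illustration, and it assumes PHP 7 or later for random_bytes().

```php
<?php
// Added example: function names are hypothetical, the sample password is constructed.

// Build a crypt() Blowfish salt: "$2y$", two-digit cost, "$", then 22 chars from [./A-Za-z0-9].
function make_bcrypt_salt(int $cost = 12): string
{
    if ($cost < 4 || $cost > 31) {
        throw new InvalidArgumentException('bcrypt cost must be between 4 and 31');
    }
    // 16 random bytes -> base64; swap '+' for '.' to fit bcrypt's alphabet, keep 22 chars.
    $chars = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
    return sprintf('$2y$%02d$%s', $cost, $chars);
}

function hash_password(string $password): string
{
    $hash = crypt($password, make_bcrypt_salt());
    // On failure crypt() returns a string shorter than 13 chars; a bcrypt hash is 60 chars.
    if (strlen($hash) !== 60 || strncmp($hash, '$2y$', 4) !== 0) {
        throw new RuntimeException('crypt() did not return a bcrypt hash');
    }
    return $hash; // store this one string in the user's row
}

function verify_password(string $entered, string $stored_hash): bool
{
    if (strncmp($stored_hash, '$2y$', 4) !== 0) {
        return false; // not a bcrypt hash: refuse rather than fall back to a weaker scheme
    }
    // The stored hash starts with the algorithm, cost and salt, so it serves as the salt argument.
    $candidate = crypt($entered, $stored_hash);
    // hash_equals() compares in constant time, unlike ===.
    return strlen($candidate) === 60 && hash_equals($stored_hash, $candidate);
}

$stored = hash_password('correct horse battery staple'); // constructed sample
var_dump(verify_password('correct horse battery staple', $stored));
var_dump(verify_password('wrong guess', $stored));
// PHP's built-in password_verify() accepts the same "$2y$" hashes.
var_dump(password_verify('correct horse battery staple', $stored));
```

Because the string crypt() returns already carries the cost and salt, one database column holds everything verify_password() needs.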

  • 0

Hey all,

What's the best/safest way right now to encrypt a password to store into a MySQL database?

Depends on what you are encrypting!

My strategy for saving PII (Personal Identifiable Information) or PAN (Private Account Number) would be much different than just a Username / Password combination where the user cannot be identified.


This topic is now closed to further replies.