
Latest/Greatest way to encrypt with PHP


11 posts in this topic

Posted

Hey all,

What's the best/safest way right now to encrypt a password to store into a MySQL database?


Posted

bcrypt

2 people like this


Posted

Why are you encrypting passwords? Does it need to be reversible?

If you are storing the user's login details, try salting and hashing your passwords instead - SHA1

1 person likes this


Posted

More details would help I guess haha. It is an Admin username and password stored in a database. The admin has to enter the username and password when logging into the control panel. I want to save that password as securely as possible. I'm completely new to this and there are many options online, and I need some guidance.

Why are you encrypting passwords? Does it need to be reversible?

If you are storing the user's login details, try salting and hashing your passwords instead - SHA1

I will look into this! Thank you!


Posted

SHA1 is "weaker" than newer hash methods, and it's even better to use something like HMAC-SHA256 or bcrypt (as mentioned before)


Posted

Could someone post a good tutorial? It's confusing trying to pin down the information that I need. There are seriously so many options, and old posts. I really don't know what is the newest and safest thing to use!


Posted

I see BLOWFISH and SHA512 listed. Some searches are saying that both are good. Should I use BLOWFISH?


Posted

I'd use a pre-built solution that's been tested, the good ones will use something secure (HMAC-SHA256, bcrypt, etc.) and you won't have to worry about doing something wrong and accidentally opening a flaw into your system.


Posted

Use crypt().


if (CRYPT_BLOWFISH == 1) {
   // crypt() picks the algorithm from the salt's format; keep the returned hash
   $stored_password = crypt($password, $salt);
}

It's one way (as it should be), so you'll need to store the salt somewhere, preferably generating a random one for each user then saving it in the database with the user's record. Then when the user logs in with a username and password, you can look up the user by username, then:

if ($stored_password === crypt($entered_password, $stored_salt))
{
  user_login();
}


Note that in the documentation for crypt() they show how to check for various encryption methods if blowfish isn't available.

2 people like this


Posted

Hey all,

What's the best/safest way right now to encrypt a password to store into a MySQL database?

Depends on what you are encrypting!

My strategy for saving PII (Personal Identifiable Information) or PAN (Private Account Number) would be much different than just a Username / Password combination where the user cannot be identified.


Posted

Take a look at PHP-PasswordLib and it's worth noting that this feature has been accepted into PHP 5.5.

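PHP 5.5 added the built-in password_hash() / password_verify() functions, which use bcrypt. As an added example (not code from any poster in this thread), this is how storing and checking the admin password looks with them; the $users array, the function names and the cost value are assumptions standing in for the MySQL table.

```php
<?php
// Added example, not code from the thread. Requires PHP 5.5+.
// $users is a constructed in-memory stand-in for the MySQL users table.

const BCRYPT_COST = 12; // assumed work factor; raise it as hardware allows

function store_password(array &$users, $username, $password)
{
    // password_hash() picks a random salt and embeds it, with the cost,
    // in the returned string, so a single VARCHAR(255) column is enough.
    $users[$username] = password_hash($password, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
}

function check_login(array &$users, $username, $password)
{
    if (!isset($users[$username])) {
        return false;
    }
    // password_verify() reads the salt and cost back out of the stored hash
    // and compares in constant time.
    if (!password_verify($password, $users[$username])) {
        return false;
    }
    // Upgrade hashes created with an older cost while the plaintext is at hand.
    if (password_needs_rehash($users[$username], PASSWORD_BCRYPT, ['cost' => BCRYPT_COST])) {
        store_password($users, $username, $password);
    }
    return true;
}

// Constructed sample data: one current account, one hashed with an older cost.
$users = [];
store_password($users, 'admin', 'correct horse battery staple');
$users['legacy'] = password_hash('old secret', PASSWORD_BCRYPT, ['cost' => 10]);

var_dump(check_login($users, 'admin', 'correct horse battery staple'));
var_dump(check_login($users, 'admin', 'wrong guess'));
var_dump(check_login($users, 'nobody', 'anything'));

// After a successful login the legacy hash is rewritten at the current cost.
var_dump(check_login($users, 'legacy', 'old secret'));
var_dump(substr($users['legacy'], 0, 7));
```

bcrypt only uses the first 72 bytes of the password, so longer inputs that share that prefix verify as equal.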
