DrJohnSmitherson Posted February 4, 2013
Hey all, What's the best/safest way right now to encrypt a password to store into a MySQL database?

primexx Posted February 4, 2013
bcrypt

Guest Posted February 4, 2013
Why are you encrypting passwords? Does it need to be reversible? If you are storing the users login details try salting and hashing your passwords instead - SHA1

DrJohnSmitherson Author Posted February 4, 2013
More details would help I guess haha. It is an Admin username and password stored in a database. The admin has to enter the username and password when logging into the control panel. I want to save that password as securely as possible. I'm completely new to this and there are many options online, and I need some guidance.
> Why are you encrypting passwords? Does it need to be reversible? If you are storing the users login details try salting and hashing your passwords instead - SHA1
I will look into this! Thank you!

The_Decryptor Veteran Posted February 4, 2013
SHA1 is "weaker" than newer hash methods, and it's even better to use something like HMAC-SHA256 or bcrypt (as mentioned before)

DrJohnSmitherson Author Posted February 6, 2013
Could someone post a good tutorial? It's confusing trying to pin down the information that I need. There are seriously so many options, and old posts. I really don't know what is the newest and safest thing to use!

DrJohnSmitherson Author Posted February 6, 2013
I see BLOWFISH and SHA512 listed. Some searches are saying that both are good. Should I use BLOWFISH?

The_Decryptor Veteran Posted February 6, 2013
I'd use a pre-built solution that's been tested, the good ones will use something secure (HMAC-SHA256, bcrypt, etc.) and you won't have to worry about doing something wrong and accidentally opening a flaw into your system.

threetonesun Posted February 6, 2013
Use crypt().
[CODE]
if (CRYPT_BLOWFISH == 1) {
    // $salt must start with a Blowfish prefix such as "$2y$10$", followed by 22 salt characters
    $stored_password = crypt($password, $salt);
}
[/CODE]
It's one way (as it should be), so you'll need to store the salt somewhere, preferably generating a random one for each user then saving it in the database with the user's record. Then when the user logs in with a username and password, you can look up the user by username, then:
[CODE]
// crypt() with the same salt reproduces the stored value only when the password matches
if ($stored_password === crypt($entered_password, $stored_salt)) {
    user_login();
}
[/CODE]
Note that in the documentation for crypt() they show how to check for various encryption methods if blowfish isn't available.

tim_s Posted February 6, 2013
> Hey all, What's the best/safest way right now to encrypt a password to store into a MySQL database?
Depends on what you are encrypting! My strategy for saving PII (Personal Identifiable Information) or PAN (Private Account Number) would be much different than just a Username / Password combination where the user cannot be identified.

AnthonySterling Posted February 9, 2013
Take a look at PHP-PasswordLib and it's worth noting that this feature has been accepted into PHP 5.5.

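Added example, not part of any post in this thread: the admin login described above, using the password API built into PHP 5.5 and later (password_hash(), password_verify(), password_needs_rehash()). The $db array stands in for the MySQL table, and the names store_admin, verify_admin and BCRYPT_COST, the cost values and the sample credentials are assumptions made for the example.

```php
<?php
// Added example: the $db array stands in for a MySQL table with
// hypothetical columns (username, password_hash CHAR(60)).

const BCRYPT_COST = 12; // assumed work factor; measure on your own server before choosing

function store_admin(array &$db, $username, $password)
{
    // password_hash() generates a random salt itself and embeds it, together
    // with the algorithm and cost, in the returned 60-character string, so
    // no separate salt column is needed.
    $db[$username] = password_hash($password, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
}

function verify_admin(array &$db, $username, $password)
{
    // Unknown usernames are checked against a dummy hash so that both paths
    // perform one bcrypt computation.
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash('constructed-dummy-value', PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
    }
    $known = isset($db[$username]);
    $hash  = $known ? $db[$username] : $dummy;

    // password_verify() re-derives the hash from the embedded salt and cost
    // and compares the result in a timing-safe way.
    if (!password_verify($password, $hash) || !$known) {
        return false;
    }
    // Records created with an older, lower cost are upgraded at login,
    // the only moment the plaintext password is available.
    if (password_needs_rehash($hash, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST])) {
        store_admin($db, $username, $password);
    }
    return true;
}

// Constructed sample data.
$db = [];
store_admin($db, 'admin', 'correct horse battery staple');
$db['legacy_admin'] = password_hash('legacy', PASSWORD_BCRYPT, ['cost' => 8]);

var_dump(verify_admin($db, 'admin', 'correct horse battery staple'));
var_dump(verify_admin($db, 'admin', 'wrong'));
var_dump(verify_admin($db, 'nobody', 'anything'));
var_dump(verify_admin($db, 'legacy_admin', 'legacy'));
// Cost recorded in the legacy record after its successful login.
var_dump(password_get_info($db['legacy_admin'])['options']['cost']);
```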