I want to encrypt some data uisng SHA256 hashing algorithm
<?php
$encryption_key = "aldskfje49345rgaefa";
echo hash('sha256', "hello world");
?>
Try Using hash_hmac() Like this hash_hmac('sha256',);
Read the Manual Here
Just a suggestion...
When you do this
echo hash('sha256', "hello world");
You are not encrypting your data but you are hashing them.
The difference between both ?
Hashing is one way. You generate an unique and irreversible hash.
Encrypting is two way. You can encrypt your data with a key and decrypt with the same key.
So in your situation, you should avoid using SHA256 algorithm. Instead, I recommand you to use Crypt facade provided by Laravel. The key used for encrypting your data is your APP_KEY environnement variable (which is generated when you install your project).
If you have not this, you can simply generate it by execute this command :
php artisan key:generate
So, you will need to share the key with your friend, and use the same algorithm. I let you read the documentation about Crypt Facade.
Related
I must migrate my backend from php to node. We used php crypt (with default random salt) to hash the passwords.
For instance, for the password 'd1692fab28b8a56527ae329b3d121c52', I have the following crypted pw in my base (depending if I used either md5 or sha512, as the $i$ specify) :
$1$7JxJYjJK$oFtCGyVvflspPtxB7YrWP.
$6$CVx6KL5l$wzk3YXlqUaz42Kb9r2lmEJhx/FBUXPRoLWN.20/XMBbgQrhp3vSHkEDF3bJEtpM3M96VZ.AMKatLGSKYZZKNH/
And in php I can verify them with crypt :
echo crypt('d1692fab28b8a56527ae329b3d121c52', '$1$7JxJYjJK$oFtCGyVvflspPtxB7YrWP.');
echo "\n";
echo crypt('d1692fab28b8a56527ae329b3d121c52', '$6$CVx6KL5l$wzk3YXlqUaz42Kb9r2lmEJhx/FBUXPRoLWN.20/XMBbgQrhp3vSHkEDF3bJEtpM3M96VZ.AMKatLGSKYZZKNH/');
echo "\n";
Which returns the correct crypted pw.
I did not manage to obtain such results with any node function. I tried stuff like :
require("crypto").createHmac("md5", "7JxJYjJK").update("d1692fab28b8a56527ae329b3d121c52").digest("base64");
And many others, but without any success.
Can someone please help me to do this ? I abolutely need the MD5 version ($1$) ; the sha512 would be somewhat nice (I know it's horrifying, but it's the md5 version that was used on the prod server, and the sha512 that was used on the test server...).
I just converted the original crypt_md5() (as used in PHP) to JavaScript for one of my projects. You can find it here:
https://github.com/BlaM/cryptMD5-for-javascript
(Supports only $1$, but that's at least a part of what you are looking for.)
I would like to ask you whether it is safe to use this class to store users' passwords in database.
https://www.codeigniter.com/user_guide/libraries/encryption.html
I generated some random string (32 chars) as encryption key.
For encryption I would use $this->encrypt->encode($pwd)
The only thing I would like to know whether it is safe or I should use md5 or sha1 or something different.
THanks
It's pretty safe because decryption will need access to your salt key, in the config file. But I recommend you only use this method if you REALLY need decryption. For passwords usually is not needed.
Better than that, use SHA1. Double encrypt your passwords with a random seed.
$seed = random_string();
$pwd = sha1($pwd . $this->config->item('encryption_key'));
$pwd = sha1($pwd . $seed);
Then store both (pwd and seed) in your database. When checking if password match, encrypt with SQL.
I am working in a PHP app we have a particular string that we need to encrypt before storing in a database. I can do this in PHP with not problem using mcrypt with a key and a iv. Currently I'm trying to use blowfish because I thought it would be the most flexible as far as decrypting it in ColdFusion. The issue I ran into is it seems ColdFusion doesn't want to use the key or iv I encrypted with. ColdFusion wants you to generateSecretKey() and use some other way to create the iv.
What I can't seem to do is get the two to communicate. I tried first encrypting in coldFusion and using the key it generated and iv it used in PHP but the result was not what it should be. I know I must be missing something but I can't quite pinpoint what it might be.
<?php
$securedString = mcrypt_encrypt ('MCRYPT_BLOWFISH' , 'THISISMYKEYTHATISVERYLONG32CHARS' , "This is the string I need encrypted' , MCRYPT_MODE_CBC , '12345678');
echo base64_encode($securedString);
?>
So what would an equivalent ColdFusion Decryption call look like?
BTW: if Blowfish is not the ideal algorithm to use please feel free to suggest another as long as both ColdFusion and PHP can use it and it is secure.
Thanks,
Bruce
Something like this should work. You just need to share a common key between each.
In PHP:
base64_encode(mcrypt_encrypt(MCRYPT_3DES, $key, $plain_string, MCRYPT_MODE_ECB));
In Coldfusion:
<cfscript>
decrypted_string = decrypt(enc_string, key, "DESEDE", "Base64");
</cfscript>
What is difference in CodeIgniter sha1 and normal PHP sha1?
For example:
$codeigniter_hashed = $this -> encrypt -> sha1( "test" );
And
$normal_hashed = sha1("test");
Both will return same values.
Where does CodeIgniter uses encryption_key?
If your PHP installation doesn't have sha1 installed, you can use the CI version. If your PHP installation already has it, you don't need to use the CI function.
From the user guide:
$this->encrypt->sha1();
SHA1 encoding function. Provide a
string and it will return a 160 bit
one way hash. Note: SHA1, just like
MD5 is non-decodable. Example: $hash =
$this->encrypt->sha1('Some string');
Many PHP installations have SHA1
support by default so if all you need
is to encode a hash it's simpler to
use the native function: $hash =
sha1('Some string');
If your server does not support SHA1
you can use the provided function.
More info: http://codeigniter.com/user_guide/libraries/encryption.html
Pretty sure the function you show is a pure SHA encrypt - you only use a specific encryption_key if you want to key/encode the data so only you (the holder of the encryption key), will be able to decrypt it.
$encrypted_with_encryption_key = $this->encrypt->encode($var);
$encrypted_with_sha_no_enc_key = $this->encrypt->sha1($var);
the encryption key is saved at config/config.php
as
$config['encryption_key'] = 'some key';
What is the decrypt function for crypt function in PHP
Thanks
Bharanikumar
From the PHP Manual
There is no decrypt function, since crypt() uses a one-way algorithm.
5 seconds of searching stackoverflow:
how do I encrypt and then decrypt the text of username and password used in database class file
How can I decrypt password string in PHP which was encrypted with crypt?
php mcrypt - decrypting and encrypting files?
Encrypt and Decrypt String With Key PHP
php encrypt and decrypt
I'm sure google has more. Please do a bit of research before you ask a question, it's not fair to just expect everyone else to do all the thinking for you.
You cannot decrypt the crypt function but if you need original string back, use mcrypt_encrypt and mcrypt_decrypt, and choose key based encryption like MCRYPT_RIJNDAEL_256