I have gotten a code from php.net. http://php.net/manual/en/book.mcrypt.php
Problem is when you encrypt something, the next time the ecrypted one isn't the same as the first one. I need to get the exact same hash using sha512 or sha256. I also need to decrypt it because the function will be used for encrypting customer's name and other data.
Thanks in advance!
I shared my crypt wrapper at https://stackoverflow.com/a/173764/17404. Try using that.
Instead of using mcrypt for hashing, consider using the hash() function instead.
Remember, hashes is one-way methods and cannot be 'decrypted'.
Looking for encryption/decryption I would recommend you look at AES encryption - either through MySQL if you have your data stored in the database, otherwise mcrypt() can also manage AES.
Related
Thinking about to write a PHP script storing passwords in a DB, what php-crypto-function should i use?
Hashing is not an option, cause the passwords have to be stored cryted and able to be encrypted, so the user can see them.
Given your product's code function is to allow the user to view passwords, symmetric encryption is what you want.
Check out the API docs for mcrypt (MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC)
I want to encrypt and decrypt data strings that are longer than 2500 characters. Is it possible to encrypt and decrypt such long data strings. It's like essays. Please tell me which encryption and decryption technique should I choose for such long data in PHP. Also what will be the effects of this on the database? Will the database will become heavy. What will be the length of the encrypted string that it will return?
I have never encrypted data in PHP rather than using only md5().
MD5 is NOT encryption, it's a hash function, a one-way method to obfuscate data.
For encryption of data that you can also decrypt, take a look at Simplest two-way encryption using PHP.
md5() isn't usually used for encryption, but for hashing purposes.
There are many extensions in PHP that deal with encryption. You can find them all here:
http://www.php.net/manual/en/refs.crypto.php
The most well known extensions are Mcrypt and OpenSSL.
With OpenSSL, you can use openssl_encrypt() to encrypt your data.
With Mcrypt, you can use mcrypt_encrypt() to encrypt your data.
Check the relevant sections of each extension for more information
Is storing emails in databases encrypted using encrypt() function in php secure ? If yes then how can i decrypt it if not then what's a better idea ? example : crypt() function
The best you're going to get is with a Rijndael encryption. What you're doing is hashing which isn't reversible.
Check this out for AES encryption in PHP:
AES-256 encryption in PHP
A good option to look at is PGP
You can find more info about this by clicking here
I have some sensitive data in an online PHP application I am building. I want to store the data as a hash in the database, but that means I will have to decode the data every time I call it from the database. I know a hash is built to not be easily reversed engineered, so I would like to know what the best solution would be?
Unlike with passwords, I can't do a hash comparison - so how should I protect the information in the database?
What you're looking for is encryption, not hashing. Encryption is two way which means you can unencrypt to view the contents assuming you have the proper information for doing so (you do, snoopers don't).
See this post for code on how to do this with PHP.
Cryptographic hash functions are one-way functions, meaning that you cannot reverse them. What I presume you are looking for is encryption. You can use the Mcrypt or OpenSSL extensions to do this. My recommendation would be using AES with a 256-bit key (but remember that you need to keep the key secure) to encrypt the data before inserting it into the database and decrypting it upon retrieval. Now, you could use the methods provided by MySQL but I'd use Mcrypt myself. If you can provide the nature and approximate size of the data you are trying to keep secure I could recommend a suitable mode of operation.
Try reading this article on web cryptography: http://www.alistapart.com/articles/web-cryptography-salted-hash-and-other-tasty-dishes/
You can encode variables using the SHA-1 hash as follows:
sha1('password')
=> 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
MySQL supports data encryption and decryption. Ex:
INSERT INTO people (pet_name)
VALUES (AES_ENCRYPT('Schmoopie','my-secret-key'));
SELECT AES_DECRYPT(pet_name, 'my-secret-key') AS pet_name
FROM people;
Both of these examples are from the List Apart article.
I mean, crypt()'s return is always different.
So how do websites like 4chan do to give a permanent tripcode to a password?
Are they stored in a database?
4chan's tripcodes are created using a specific formula, and are a shorter version of a hash. You can achieve the same effect by using MD5 or SHA1.
Encrypt string to MD5 (PHP):
$md5 = md5("$string");
Encrypt string to SHA1 (PHP):
$sha1 = sha1("$string");
There is no way to reverse the hashing process (just like tripcodes), but with time and power they can be "bruteforced" back to plain text.
It's quite common to salt a password, then hash it using DES, MD5, SHA, or newer hashes. The salt is then stored as part of the password.
PHP's crypt works this way, although the exact algorithm it uses to hash the password may be different between versions of PHP... and even between operating systems, although the latter supposedly changed in PHP 5.3. (PHP now includes its own hashing library instead of relying on the OS library, which is really, really important if you're using Windows, as crypt function on Windows only supported DES with 2-byte salt prior to this)
Edit:
Note: crypt has an optional second argument. Passing the encrypted password as the second argument will usually get PHP to detect the salt and algorithm used to originally hash the password, namely because everything other than DES start with $#$ where # is a number.
You pass the salt to crypt() as the second argument. This causes the output to use that salt instead of generating one on the fly.
The salt being randomly generated is why crypt("something") returns different results each time. If I run crypt("something", "ab"), it'll be identical every time. I don't have PHP here to check what the value is, though.
Wikipedia has an article about Tripcodes.
I think there's a table "tripcodes" where tripcodes were generated with the Wikipedia's and they are associated with strings they come from, no?
Yes password are stored in a database but without the use of crypt(). They use sha1() or encryption database function like AES_ENCRYPT() in mysql.