How to encrypt and decrypt password in php

29 New Member
Can I ask
how to encrypt a password in PHP code?
Then how to decrypt it after encrypting?

Aug 17 '09 #1
code green
1,726 Recognized Expert Top Contributor
To do this you need to write your own encrypting algorithm.
The system supplied functions sha_1 and md5 are "un-decryptable".
This all makes sense really because if there were publicly available functions that encrypted and decrypted it would make them fairly useless.
Aug 17 '09 #2
81 New Member
PHP's OpenSSL interface has everything you may ever want from encryption/decryption/hashing and even an awesome RNG.

See php.net/openssl
Aug 17 '09 #3
Dheeraj Joshi
1,123 Recognized Expert Top Contributor
Basically... Do md5 on the password for encryption..

But 50% of the world's passwords are "password", so by doing frequency analysis one can guess the password. (Though it requires some work.)

So you had better add some salt (a string of random characters, 16 characters or 8 characters) to the password of each user.

So now md5 the password and salt and then validate it against the database.

So even if the passwords for various users are the same, your salt (unique for each user) makes the passwords different. (So no same patterns in the database, basically.)

For validating:

Take the password from the user and fetch the salt for his username.
Do md5 on both of them and check against the database.

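    <?php
    // Build a $len-character salt from an alphabet without look-alike characters.
    $len = 16;
    $base = 'ABCDEFGHKLMNOPQRSTWXYZabcdefghjkmnpqrstwxyz123456789';
    $max = strlen($base) - 1;
    $activatecode = '';
    // random_int() (PHP 7+) draws from the OS CSPRNG; mt_rand() seeded from
    // microtime() is predictable and should not be used for salts.
    while (strlen($activatecode) < $len)
      $activatecode .= $base[random_int(0, $max)];
    echo $activatecode;
    ?>
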
This is what a salt looks like.

Dheeraj Joshi
Aug 17 '09 #4
Dheeraj Joshi
1,123 Recognized Expert Top Contributor
MD5 is basically one way.

You can encrypt but cannot decrypt. (I mean to say you cannot get back the actual text from the encrypted text.)

Dheeraj Joshi
Aug 17 '09 #5
81 New Member
That's called "hashing". Encryption is always reversible e.g. encrypted text can be decrypted if you have the right key(s).

Ontopic, I would avoid md5() which is very outdated and easy to crack if I were you. If you want secure passwords, the best way would be to use some very resilient hashing algorithm (RipeMD is a great choice) with 6+ character salt. Encryption is slightly more problematic since the attacker only has to break the encryption key to access the data which means you will have to devise some method to protect the encryption keys (which is often done through hashing a password...). It's not worth all this hassle only to allow users to recover their password IMO.
Aug 17 '09 #6
Dheeraj Joshi
1,123 Recognized Expert Top Contributor
Unauthorized is right...

MD5 is outdated...

Go for something else.

Dheeraj Joshi
Aug 17 '09 #7
41 New Member
You can use base64_encode() and base64_decode() for encrypting and later decrypting the string...

    <?php
    // base64_encode()/base64_decode() are a keyless, reversible encoding.
    $str = 'This is a top secret...';
    $enc = base64_encode($str);
    $dec = base64_decode($enc);

    echo "Encoded String: ", $enc, "\n";
    echo "Decoded String: ", $dec, "\n";
    ?>

But it's only 64 bit and not secure enough...

You may use hashing algorithms like MD5 and SHA1 to make a hash of your password and store it in the db.
Later, when the user enters the password, you just make the hash of the entered password and compare it with the hashed value from the db with a strcmp().

Hope this will help you....
Aug 17 '09 #8
4 New Member
base64_*() are not encryption algorithms; they are encoding algorithms. They convert from one form to another (like converting binary and decimal). By "64 bits" you mean "64 characters" and "not secure enough" should be "not secure at all".

You should take a look at mcrypt: http://uk.php.net/manual/en/function.mcrypt-encrypt.php

I'm not entirely sure, but I think MD5 is a fairly secure algorithm; SHA-1 is securer, I think. I wouldn't judge its strength by its age. Although it may be susceptible to brute force attacks, simple rate limiting on a production site can eliminate this risk.

As for salts, this is probably easier:

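    // $pass holds the user's password.
    // 16 raw bytes of per-user salt; it has to be stored with the user record.
    $salt = md5(uniqid(mt_rand(), true), true);
    // Raw 16-byte digest of password followed by salt.
    $hashed_pass = md5($pass . $salt, true);
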
Aug 19 '09 #9
1,584 Recognized Expert Top Contributor
I cracked md5.

I have the code at home if you don't believe me.

It cracked a 4 letter password in half an hour. In a couple of days I could probably crack 5 or 6 letters.

I'd go with SHA-1 as a bare minimum with a good salt.

Aug 19 '09 #10
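
Added example, not part of any post in this thread: one way to verify rows stored as md5(password . salt), the scheme from posts #4 and #9, and migrate them on login to PHP's built-in password_hash()/password_verify(), which postdate this 2009 thread. It assumes PHP 7 or later; the $row layout and the function name verify_and_upgrade are hypothetical.

```php
<?php
// Constructed legacy row in the thread's scheme: hex md5(password . salt).
$legacySalt = bin2hex(random_bytes(8));
$row = ['salt' => $legacySalt, 'hash' => md5('password' . $legacySalt)];

/**
 * Check a login attempt and upgrade the stored hash when needed.
 * $row is a hypothetical user record (an assumption of this example):
 * 'salt' is non-null only for legacy salted-md5 rows.
 */
function verify_and_upgrade(string $password, array &$row): bool
{
    if ($row['salt'] !== null) {
        // Legacy path: recompute the salted md5 and compare in constant
        // time with hash_equals() rather than strcmp() or ==.
        if (!hash_equals($row['hash'], md5($password . $row['salt']))) {
            return false;
        }
        $needsRehash = true;
    } else {
        // password_verify() reads algorithm, cost and salt from the hash string.
        if (!password_verify($password, $row['hash'])) {
            return false;
        }
        // True when the stored hash no longer matches the current default.
        $needsRehash = password_needs_rehash($row['hash'], PASSWORD_DEFAULT);
    }
    if ($needsRehash) {
        // password_hash() generates a fresh random salt and embeds it in its
        // output, so the separate salt column is no longer used.
        $row = ['salt' => null,
                'hash' => password_hash($password, PASSWORD_DEFAULT)];
    }
    return true;
}

// Attempt with a wrong password, then with the correct one, and show
// whether the row is still in the legacy format after each attempt.
foreach (['wrong-guess', 'password', 'password'] as $attempt) {
    $ok = verify_and_upgrade($attempt, $row);
    printf("%-12s accepted=%s legacy=%s\n", $attempt,
        var_export($ok, true), var_export($row['salt'] !== null, true));
}

// Two users choosing the same password no longer share a stored value.
var_dump(password_hash('password', PASSWORD_DEFAULT)
    === password_hash('password', PASSWORD_DEFAULT));
```
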
