Hi All,
Up until now I have been storing passwords in the database as an sha1 hash.
I like doing it this way, but a problem arises with people who forget their
passwords - I cannot retrieve it for them.
The simplest option would be cleartext passwords. Easy enough. But what I
would prefer to do is some sort of two-way encryption, so I can encrypt the
passwords, store them in the database, and then get them back. Are there
any PHP libraries out there that can do this? I have thought about rolling
my own, but do not want to duplicate somebody else's effort.
A cursory look for this sort of thing returned only one-way (hashing)
encryption techniques. This leaves me back where I was, having to reset
users' passwords, rather than emailing it back to them.
I am not running a banking application here, so I am not too paranoid about
security. But, it would be nice to have some reasonable level of encryption
that is harder than rot13 to break.
Thoughts?
-Josh
Joshua Beall wrote:
> Hi All,
> Up until now I have been storing passwords in the database as an sha1 hash. I like doing it this way, but a problem arises with people who forget their passwords - I cannot retrieve it for them.
> The simplest option would be cleartext passwords. Easy enough. But what I would prefer to do is some sort of two-way encryption, so I can encrypt the passwords, store them in the database, and then get them back. Are there any PHP libraries out there that can do this? I have thought about rolling my own, but do not want to duplicate somebody else's effort.
> A cursory look for this sort of thing returned only one-way (hashing) encryption techniques. This leaves me back where I was, having to reset users' passwords, rather than emailing it back to them.
> I am not running a banking application here, so I am not too paranoid about security. But, it would be nice to have some reasonable level of encryption that is harder than rot13 to break.
> Thoughts?
> -Josh

http://php.net/crypt
"Brendan Donahue" <wi****@wizardsofwebsites.com> wrote in message
news:K9********************@comcast.com...
> Joshua Beall wrote:
>> what I would prefer to do is some sort of two-way encryption
>> <snip>
> http://php.net/crypt

From the PHP manual:
"crypt -- One-way string encryption (hashing)"
I am looking for two-way encryption solutions, as I clearly stated in the OP.
Any pointers?
In article <_t******************@nwrddc01.gnilink.net>, Joshua Beall wrote:
> Up until now I have been storing passwords in the database as an sha1 hash. I like doing it this way, but a problem arises with people who forget their passwords - I cannot retrieve it for them.
> The simplest option would be cleartext passwords. Easy enough.

Imho, there is a simpler solution. Don't recover the password, but
generate a new one for them.

> But what I would prefer to do is some sort of two-way encryption, so I can encrypt the passwords, store them in the database, and then get them back. Are there any PHP libraries out there that can do this? I have thought about rolling my own, but do not want to duplicate somebody else's effort.

With GnuPG / PGP you could put your public key on the server. Now write
a script that uses that public key to encrypt the data. And whenever you
need to decrypt the data, use your private key.
--
http://home.mysth.be/~timvw

http://us2.php.net/manual/en/ref.mcrypt.php

"Joshua Beall" <jb****@donotspam.remove.me.heraldic.us> wrote in message news:<_t******************@nwrddc01.gnilink.net>...
> Hi All,
> Up until now I have been storing passwords in the database as an sha1 hash. I like doing it this way, but a problem arises with people who forget their passwords - I cannot retrieve it for them.
> The simplest option would be cleartext passwords. Easy enough. But what I would prefer to do is some sort of two-way encryption, so I can encrypt the passwords, store them in the database, and then get them back. Are there any PHP libraries out there that can do this? I have thought about rolling my own, but do not want to duplicate somebody else's effort.
> A cursory look for this sort of thing returned only one-way (hashing) encryption techniques. This leaves me back where I was, having to reset users' passwords, rather than emailing it back to them.
> I am not running a banking application here, so I am not too paranoid about security. But, it would be nice to have some reasonable level of encryption that is harder than rot13 to break.
> Thoughts?
> -Josh

Take a look at http://www.tonymarston.co.uk/php-mysql/encryption.html which
describes a reversible encryption routine for PHP. There is an online test
harness so you can see it working, and you have access to the code as well.
HTH.
--
Tony Marston http://www.tonymarston.net

"Joshua Beall" <jb****@donotspam.remove.me.heraldic.us> wrote in message
news:_t******************@nwrddc01.gnilink.net...
> Hi All,
> Up until now I have been storing passwords in the database as an sha1 hash. I like doing it this way, but a problem arises with people who forget their passwords - I cannot retrieve it for them.
> The simplest option would be cleartext passwords. Easy enough. But what I would prefer to do is some sort of two-way encryption, so I can encrypt the passwords, store them in the database, and then get them back. Are there any PHP libraries out there that can do this? I have thought about rolling my own, but do not want to duplicate somebody else's effort.
> A cursory look for this sort of thing returned only one-way (hashing) encryption techniques. This leaves me back where I was, having to reset users' passwords, rather than emailing it back to them.
> I am not running a banking application here, so I am not too paranoid about security. But, it would be nice to have some reasonable level of encryption that is harder than rot13 to break.
> Thoughts?
> -Josh

"Tony Marston" <to**@NOSPAM.demon.co.uk> wrote in message
news:c6*******************@news.demon.co.uk...
> Take a look at http://www.tonymarston.co.uk/php-mysql/encryption.html which describes a reversible encryption routine for PHP. There is an online test harness so you can see it working, and you have access to the code as well.

After a cursory look, I think this is exactly the sort of thing I need.
Thanks much!

Hi Joshua,
two possible solutions:
1) have people remember their passwords or they will have to live with
new ones.
2) or start up a bank. :)
P.S. You may wanna store passwords in plaintext since you are not
running a bank. If the database gets compromised the attacker will
very likely not be interested in your passwords (since s/he already
possesses system wide access)
Best Regards,
Lucas

"Joshua Beall" <jb****@donotspam.remove.me.heraldic.us> wrote in message news:<_t******************@nwrddc01.gnilink.net>...
> Hi All,
> Up until now I have been storing passwords in the database as an sha1 hash. I like doing it this way, but a problem arises with people who forget their passwords - I cannot retrieve it for them.
> The simplest option would be cleartext passwords. Easy enough. But what I would prefer to do is some sort of two-way encryption, so I can encrypt the passwords, store them in the database, and then get them back. Are there any PHP libraries out there that can do this? I have thought about rolling my own, but do not want to duplicate somebody else's effort.
> A cursory look for this sort of thing returned only one-way (hashing) encryption techniques. This leaves me back where I was, having to reset users' passwords, rather than emailing it back to them.
> I am not running a banking application here, so I am not too paranoid about security. But, it would be nice to have some reasonable level of encryption that is harder than rot13 to break.
> Thoughts?
> -Josh

"Joshua Beall" <jb****@donotspam.remove.me.heraldic.us> wrote in message
news:_t******************@nwrddc01.gnilink.net...
> Hi All,
> I am not running a banking application here, so I am not too paranoid about security. But, it would be nice to have some reasonable level of encryption that is harder than rot13 to break.

Something like this would work:
// Plaintext alphabet and its shuffled counterpart, generated once with
// str_shuffle(A)
define('A', '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz');
define('B', 'fo2gFeBMQ45Vl3sDp1HGTYbz7vWdikU86taqSPE0muZOj9cKrxRLnJXhwyCIAN');
// Character-for-character substitution: A to B encrypts, B to A decrypts
function lamefish($text, $decrypt = false) {
    return $decrypt ? strtr($text, B, A) : strtr($text, A, B);
}
Should be very hard to break if the passwords are strong.