开发者

PHP Two Way encryption with Salt

I'm trying to create a two way encryption algorithm for my users passwo开发者_JAVA百科rds. I need it to be encrypted but without the pre set encrypt pass (what i set)(salt?) the original password cannot be decrypted


For a two way encryption this is called "key", not "salt". Check out mcrypt functions.


It sounds like you want to use one-way, cryptographic hashing rather than two-way encryption. Here is a good example of best-practice password storage and validation:

To save it:

$userPasswordInput = $_POST['password'];

$salt = // ideally, generate one randomly and save it to the db, otherwise, use a constant saved to the php file

$password = sha1($userPasswordInput . $salt);

Save $password (and preferably $salt) to the db. When comparing, concatenate the salt and the user input, sha1 it (or whichever encryption), then compare it to the saved (encrypted + salted) password.


i did it this way:

create a $user + $password

$saltedHash = md5($salt.$password);

now you have an encrypted password($saltedHash) to save it to the db.

if somebody try to login, you do the same with the inputed password and compare it with the one in the db.


The easiest way (though very wasteful in terms of storage) is to generate a random string and XOR it to the password. (As someone already pointed out, this is called a key, not a salt.) This is called a one-time pad. As the name implies, you cannot reuse the same key for multiple passwords.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜