
Safest password encryption

password form encryption php safe


#1 Hazukiy


Posted 02 May 2013 - 06:42 PM

Hi, I'm just wondering, what is the best of the best kind of encryption that you can get when encrypting passwords? Like, what does Facebook use?

 

Thanks :)



#2 oaass


Posted 02 May 2013 - 07:17 PM

I would say that 12 rounds of blowfish with a salt generated by openssl_random_pseudo_bytes or mcrypt_create_iv for strong entropy should work fine... But remember, nothing is stronger than its weakest link. So don't forget to enforce good password rules as well.



#3 Yohanne


Posted 02 May 2013 - 08:31 PM

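This is my way:

public function cleared($data)
{
    // Strip tags, encode HTML entities and trim surrounding whitespace
    $data = trim(htmlentities(strip_tags($data)));
    // SQL escaping is applied only when magic quotes are enabled
    if (get_magic_quotes_gpc()) {
        $data = stripslashes($data);
        $data = mysql_real_escape_string($data);
    }
    return $data;
}

public function set_post()
{
    // Run every POST field through cleared() and return the cleaned copy
    $my_POST = array();
    foreach ($_POST as $key => $values) {
        $my_POST[$key] = $this->cleared($values);
    }
    return $my_POST;
}

public function login_()
{
    $my_POST = $this->set_post();
    // Keep 7 characters of the SHA-1 hex digest, starting at offset 18
    $pass = substr(sha1($my_POST['pass']), 18, 7);

    // $cheked_user is not defined in the posted excerpt (assumed: a database wrapper)
    $cheked_user->set_result("SELECT pass FROM tbl_user_ WHERE pass = '$pass'");
}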



#4 DaveyK


Posted 03 May 2013 - 01:31 AM

You should ask yourself what kind of security you need. You can do whatever you want, adding hashes and encryptions as many times as you like: but does it add value?

 

I would use the PHP function crypt().



#5 Hazukiy


Posted 03 May 2013 - 09:34 AM

You should ask yourself what kind of security you need. You can do whatever you want, adding hashes and encryptions as many times as you like: but does it add value?

 

I would use the PHP function crypt().

 

Ah ok, thanks.



#6 ecce


Posted 03 May 2013 - 01:24 PM

This is what I use:

 

0. Sanitise input. addslashes() or whatever you like. If someone would like HTML code as password - why not?

1. Generate a salt, with something like $salt = hash('sha256', microtime());

2. Add salt to the chosen password. $password = $input_password.$salt;

3. Hash it. $pass_hash = hash('sha256', $password);

4. Store $pass_hash and $salt.

 

Hashing protects you if someone dumps your user database. Don't forget the UNENCRYPTED TRANSFER of password... webmasters normally ignore the importance of buying a valid SSL certificate.
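
The approach suggested in replies #2 and #4 (bcrypt through crypt(), cost 12, salt from openssl_random_pseudo_bytes), written out as an added example; it is not code from any poster in this thread. The helper names hash_password() and verify_password() and the sample passwords are made up for illustration.

```php
<?php
// Added example: bcrypt via crypt() with cost 12 and a random salt.
// hash_password() and verify_password() are hypothetical helper names.

function hash_password($password, $cost = 12)
{
    // 16 random bytes from the OpenSSL CSPRNG; $strong reports its quality.
    $raw = openssl_random_pseudo_bytes(16, $strong);
    if ($raw === false || !$strong) {
        throw new RuntimeException('no strong random source available');
    }
    // bcrypt takes 22 salt characters from ./A-Za-z0-9, so remap base64's "+".
    $salt = substr(strtr(base64_encode($raw), '+', '.'), 0, 22);

    // "$2y$" selects bcrypt (Blowfish-based); the two digits are the cost,
    // i.e. log2 of the iteration count.
    $hash = crypt($password, sprintf('$2y$%02d$%s', $cost, $salt));
    if (!is_string($hash) || strlen($hash) !== 60) {
        throw new RuntimeException('crypt() did not return a bcrypt hash');
    }
    // One 60-character string holding algorithm, cost, salt and digest,
    // so no separate salt column is needed.
    return $hash;
}

function verify_password($password, $stored_hash)
{
    // Re-hash with the parameters embedded in the stored value, then compare
    // in constant time so the comparison does not leak how many bytes matched.
    $candidate = crypt($password, $stored_hash);
    return is_string($candidate) && hash_equals($stored_hash, $candidate);
}

// Constructed sample values, not taken from the thread.
$stored = hash_password('correct horse battery staple');

var_dump(verify_password('correct horse battery staple', $stored)); // right password
var_dump(verify_password('Tr0ub4dor&3', $stored));                  // wrong password
var_dump(hash_password('same input') === hash_password('same input')); // fresh salt per call
var_dump(password_verify('correct horse battery staple', $stored));   // built-in check, PHP 5.5+
```

On PHP 5.5 and later, password_hash() with PASSWORD_BCRYPT and a cost option produces the same hash format and generates the salt itself. hash_equals() requires PHP 5.6 or later.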





