cooldude832 Posted June 4, 2007 Share Posted June 4, 2007 I'm wanting to one way encrypt passwords users enter into my database using the crypt(); function. However as I read tutorial after tutorial i'm very confused on the syntax of using a salt to ensure you get the same results both ways. After reading a bit I think baublefish is the best encryption method, but how do I actually write it out. $password = $_REQUEST['password']; $cryptpassword = crypt($password,??????????); Link to comment https://forums.phpfreaks.com/topic/54122-need-help-1-way-encrypting-passwords/ Share on other sites More sharing options...
per1os Posted June 4, 2007 Share Posted June 4, 2007 I would use www.php.net/md5 if I were you. Look at the user comments for some good ways to create nice hashes. www.php.net/crypt those user comments may have some suggestions too. Link to comment https://forums.phpfreaks.com/topic/54122-need-help-1-way-encrypting-passwords/#findComment-267562 Share on other sites More sharing options...
cooldude832 Posted June 4, 2007 Author Share Posted June 4, 2007 so i have to develop my own hash? or are there pre built ones? Link to comment https://forums.phpfreaks.com/topic/54122-need-help-1-way-encrypting-passwords/#findComment-267563 Share on other sites More sharing options...
ToonMariner Posted June 4, 2007 Share Posted June 4, 2007 what you need is md5 or sha1 (the latter being my prefered option); beaten to it because of coffe in one hand grrrr Link to comment https://forums.phpfreaks.com/topic/54122-need-help-1-way-encrypting-passwords/#findComment-267564 Share on other sites More sharing options...
cooldude832 Posted June 4, 2007 Author Share Posted June 4, 2007 so sha1 doesn't require a user salt added i can just say: $password = sha1($_REQUEST['password']); and then compare $sql "SELECT * FROM USERS WHERE Password = '$password'"; is it secure to passs the password with POST or is there some encryption I should include on my form? Link to comment https://forums.phpfreaks.com/topic/54122-need-help-1-way-encrypting-passwords/#findComment-267567 Share on other sites More sharing options...
per1os Posted June 4, 2007 Share Posted June 4, 2007 With md5 your could would look like this: <?php $password = $_REQUEST['password']; $cryptpassword = md5($password); Simple as that. Link to comment https://forums.phpfreaks.com/topic/54122-need-help-1-way-encrypting-passwords/#findComment-267568 Share on other sites More sharing options...
per1os Posted June 4, 2007 Share Posted June 4, 2007 so sha1 doesn't require a user salt added i can just say: $password = sha1($_REQUEST['password']); and then compare $sql "SELECT * FROM USERS WHERE Password = '$password'"; is it secure to passs the password with POST or is there some encryption I should include on my form? Secure enough as long as you aren't passing credit card information, than you would want an SSH server which would encrypt the data anyhow. But yea, just do not store the un-encrypted password in the session or the cookie. Anytime you reference that password in code it should be verifying it with the encrypted version, do that and you will be alright. Link to comment https://forums.phpfreaks.com/topic/54122-need-help-1-way-encrypting-passwords/#findComment-267572 Share on other sites More sharing options...
cooldude832 Posted June 4, 2007 Author Share Posted June 4, 2007 I'm using 1 way into the table and then if a recovery is needed i have a function that generates a random alphanumeric 6 character phrase that it will reset the password to and the email it to the user. Link to comment https://forums.phpfreaks.com/topic/54122-need-help-1-way-encrypting-passwords/#findComment-267578 Share on other sites More sharing options...
per1os Posted June 4, 2007 Share Posted June 4, 2007 Sounds secure enough, thats the way my site is setup. Link to comment https://forums.phpfreaks.com/topic/54122-need-help-1-way-encrypting-passwords/#findComment-267581 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.