random1 Posted February 25, 2008

Hey All, What's the best encryption method for use in a PHP business web application? I've heard about AES 128 and AES 256 being really good but I can't find any PHP code to do this. I have a method so far that does the following cryptography methods:

* SHA1
* SHA1a
* SHA1b
* SHA256
* SHA384
* SHA512
* base64
* md5-32bit
* md5-128bit
* checksum-32bit

priti Posted February 25, 2008

I have seen a lot of people opting for md5() one-way encryption and sha. Let someone else also pop up with some more specific one.

random1 Posted February 29, 2008 (Author)

No one has any ideas about this? Does anyone use encryption for passwords in databases?

khristian Posted February 29, 2008

For every website I have ever done that uses passwords in a database I use MD5:

$password = MD5($password);

so even the word password becomes 5f4dcc3b5aa765d61d8327deb882cf99

Psycho Posted March 1, 2008

"Does anyone use encryption for passwords in databases?"

Um, no. You use a hash for a password, which is not really encryption. With a hash there is no way to deduce the original value from the hashed value. And before anyone pipes up saying there are plenty of sites that can get the value of an MD5 hash, those sites use a rainbow table of known hashed values. That is not unencrypting something.

Hashing is good for passwords, because you never really need to know the password. When the user logs in you just take their entered value, hash it, and see if it matches the value in the database. When hashing a password it is a good idea to use a "salt" (this is additional information added to the hashed value) or multiple hashes; this makes it impossible for someone to 'crack' the password unless they have knowledge of your method. For example, if the username cannot be changed then you can use that as a salt:

$hashed_password = MD5(sha1($password.$username));

Encryption is used when you want to secure a value, but you must be able to retrieve the original value. This would be if you needed to store CC info so the user could make a purchase with their saved CC info, for instance.

IT-Guy Posted March 1, 2008

I concur with the post above. Also, if you are asking what types of encryption to use, check GPG, MD5, there are several.

peranha Posted March 1, 2008

I use sha as well:

$passwordHash = hash('SHA512', $password.$salt);

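The hash-versus-encryption split discussed in this thread, as an added PHP example that is not code from any poster: passwords go through password_hash()/password_verify(), which generate a random salt per password and use a deliberately slow algorithm rather than a single fast MD5/SHA pass, and a value that must be read back is encrypted with AES-256-GCM through the openssl extension. The function names, the nonce/tag/ciphertext layout and the sample values are assumptions made for illustration; PHP 7.1 or later with openssl is assumed.

```php
<?php
// One-way: the salt and cost are stored inside the returned string,
// so only this one column is needed in the users table.
function store_password(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// Login check: re-derives the hash from the stored salt and compares
// in constant time.
function check_password(string $entered, string $storedHash): bool
{
    return password_verify($entered, $storedHash);
}

// Two-way: AES-256-GCM with a fresh 12-byte nonce per message.
// Output layout (hypothetical, chosen for this example): nonce | tag | ciphertext.
function encrypt_value(string $plaintext, string $key): string
{
    $nonce = random_bytes(12);
    $tag = '';
    $ct = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($nonce . $tag . $ct);
}

function decrypt_value(string $blob, string $key): string
{
    $raw = base64_decode($blob, true);
    if ($raw === false || strlen($raw) < 28) {
        throw new RuntimeException('malformed ciphertext');
    }
    $pt = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key,
        OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
    if ($pt === false) {
        // Wrong key or modified data: the GCM tag did not verify.
        throw new RuntimeException('authentication failed');
    }
    return $pt;
}

// Constructed sample values, not real data.
$hash = store_password('password');
var_dump(check_password('password', $hash), check_password('Password', $hash));
$key = random_bytes(32); // assumption: a real key is loaded from a secret store
echo decrypt_value(encrypt_value('constructed sample value', $key), $key), "\n";
```

Hashing the same password twice with store_password() gives two different strings, because each call draws a new salt, so a precomputed table of hashes does not match the stored values.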