Thanks alot for your help, however, I am using 4.3.9, sorry I should have mentioned this to begin with, the code you gave strictly php5?
Thread: Password encoding/decoding - PHP  |
|||||||||||||
|
Started 2 years, 2 months ago by ezb
I am currently building an online system, it has come to the point to think about securing peoples passwords. How ever, for admin reasons I was wondering if it was possible to decode the encoded password, I believe this is not possible with md5 but hoping there is another method?
Any help would be geat, also any other information regarding safety, thanks.
|
|
||||||||||||
|
|||||||||||||
Other posts in this thread:
ezb replied 2 years, 2 months ago
Size: 260 bytes
Customize: 
stymiee replied 2 years, 2 months ago
Here is a good PHP5 class that uses the mcrypt library for two way encryption.
php Syntax ( Toggle Plain Text ) <?php class Encryption { static $cypher = 'blowfish' ; static $mode = 'cfb' ; static $key = '1a2s3d4f5g6h' ; public function encrypt ( $plaintext ) { $td = mcrypt_...
Size: 8,203 bytes
Customize:
stymiee replied 2 years, 2 months ago
It can be changed to work with PHP 4. You just need to change the PHP 5 features to 4:
php Syntax ( Toggle Plain Text ) <?php class Encryption { var $cypher = 'blowfish' ; var $mode = 'cfb' ; var $key = '1a2s3d4f5g6h' ; function Encryption ( ) { // do nothing }...
Size: 7,901 bytes
Customize:
bennyfreshness replied 1 month, 3 weeks ago
can this store, say for instance, a PayPal token that I am supposed to keep hidden?
Size: 210 bytes
Customize:
jomanlk replied 1 month, 3 weeks ago
You can do it at the database level as well if you want.
For INSERT
Help with Code Tags PHP Syntax ( Toggle Plain Text ) $aes_key = "EF77FHH7-E6G1-31y4-w2D7-G4gH8HWF20H1" ; $sql = "INSERT INTO user(username, pass) VALUES ('bob', AES_ENCRYPT('password', '$aes_key' ))" ; $aes_key = "EF77FHH7-E6G1-31y4-w2D7-G4gH8HWF20H1";
$sql = "INSERT INTO ...
Size: 3,073 bytes
Customize:
Atli replied 1 month, 3 weeks ago
Hey.
Be careful if you do this in a SQL query tho. Some MySQL servers use plain-text query logs, so while your passwords might be encrypted in the database itself, they would be stored in their original form in the logs.
See these two pages in the manual for details on that.
Size: 659 bytes
Customize:
jomanlk replied 1 month, 3 weeks ago
@Atli
Good point. I didn't know this. This can be a problem if your MySQL server is not controlled by you alone.
Size: 246 bytes
Customize:
digital-ether replied 1 month, 3 weeks ago
• • • • Originally Posted by ezb I am currently building an online system, it has come to the point to think about securing peoples passwords. How ever, for admin reasons I was wondering if it was possible to decode the encoded password, I believe this is not possible with md5 but hoping there is another method?
Any help would be geat, also any other...
Size: 1,547 bytes
Customize:
Atli replied 1 month, 3 weeks ago
@digital-ether
I agree with you 100%, although 100.000 iterations seem a bit excessive to me. (But that's just me :-P)
However, I got to ask why you specifically mention high memory usage?
Size: 373 bytes
Customize:
jomanlk replied 1 month, 3 weeks ago
I think she recommended high memory usage so that the effort needed to try to recreate/hack any of the passwords would be excessive and not worth it. But if you use up that much processing/memory, wouldn't you make it untenable to be used within a login/registering system? For even a reasonable amount of requests even.
Size: 447 bytes
Customize:
|
Top contributing authorsRelated threads on "www.daniweb.com - IT Tech Talk":Related threads on other sites: |
||||||||||||
Thread profile page for "Password encoding/decoding - PHP" on http://www.daniweb.com.
This report page is a snippet summary view from a single thread "Password encoding/decoding - PHP", located on the Message Board at http://www.daniweb.com.
This thread profile page shows the thread statistics for: Total Authors, Total Thread Posts, and Thread Activity
Home |
About Us |
Submit Your Site |
Update Your Site |
Get Search For Your Site |
Partners |
Contact |
Search Plugin |
Blog |
 |
Last Searches | Top Searches |
Designated brands and trademarks are property of their respective owners.
Use of this website constitutes acceptance of BoardReader's User Agreement and Privacy Policy.