<- Back Granite empire cincinnati oh: sports and things to do cincinnati granite countertops.

Encrypting passwords with PHP

No picture found

Info: Posted in: Learned along the way
By: Blockcoder ( Admin ) / October 14th, 2011
Stats: one response / Views: 565

Basics of encrypting

Okay, lets say you have a password “idkfa“. You want to make md5 hash for it:


encrypting_function( 'idkfa' );
 

function encrypting_function( $pass ) {
      //$pass = idkfa
      return md5( $pass );
   }

//Your "idkfa" password will now be a hashed string: "1832116180fdc61b64fd978401e462e9".

So, it makes md5 hash for your string. It is very important that you know that md5 hash does exactly the same encryption to exactly the same string, there won’t be any random encryption. The hash is also case-sensitive.

Case-sensitiveness

I will show you now what I ment:


echo md5( 'idkfa' );
echo md5( 'iDkfa' ); //notice that the letter d is now uppercase D!

Output of the 'idkfa' is still the same = "1832116180fdc61b64fd978401e462e9"
But, the output for the 'iDkfa' = "923b68deed11c6964f3934977a9021af"

As you may notice, they completely different.

Comparing md5 hashed strings

As the two strings are different — you can encrypt your strings ( passwords etc.. ) and compare them to other encrypted passwords:


compare_passwords( 'iddqdddd' );

function compare_passwords( $passwd2 ){
     
     $passwd1 = md5( 'iddqd' );
     $encrypted_passwd2 = md5( $passwd2 )

     if ( $passwd1 != $encrypted_passwd2  )

             {
                 echo "passwords are different!";
             }

     else { echo "passwords are the same!"; }
  }

In this case the output will be “passwords are different!“. The encryption of these two strings will be:

  • iddqd = 73bcaaa458bff0d27989ed331b68b64d
  • iddqdddd = 0822edfa02c6c7d1e441630481bd043f

As you compare these hashes, they are completely different.

One salting technique with php

Now it’s time for a salting technique. If you really want to secure your data, you should practice how to salt things:

function salt_encryption( $password ){
         
         //salt could be any random string you want
         $salt = "idsjkaso34fdk32DFds3";

         //lets do some salting
         $password = md5( $password );
         $password = $password.$salt.$salt; // hashed password + 2 x salt strings.

         return $password;
   }

After this, your password is “salted“.

Thank you, I hope this helps somehow to understand what md5 hash does — and what salting is!

There are 1 responses on this post

抓姦
good opinion! You might want to follow up to this topic right;3

Leave a Reply

Your email address will not be published. Required fields are marked *

*

7,964 Spam Comments Blocked so far by Spam Free Wordpress

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>