Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
how to encrhypt password to md5 format
- Thread starter hex6007
- Start date
Hi, if you look here:
The manuals example has what you need.
If you look good at that sample, you see the str is the password in the clear text.
In this example, the md5($str) is compared to an already known md5 (usually retrieved from your db).
To generate the md5 password for your db, you will also have to md5() that, before inserting into the db.
Olav Alexander Mjelde
Admin & Webmaster
The manuals example has what you need.
Code:
<?php
$str = 'apple';
if (md5($str) === '1f3870be274f6c49b3e31a0c6728957f') {
echo "Would you like a green or red apple?";
exit;
}
?>If you look good at that sample, you see the str is the password in the clear text.
In this example, the md5($str) is compared to an already known md5 (usually retrieved from your db).
To generate the md5 password for your db, you will also have to md5() that, before inserting into the db.
Olav Alexander Mjelde
Admin & Webmaster
Hi
Just as a note, storing the password encrypted is just one step for the security. It should be also sent encrypted. I suggest to read Login System by Paul Johnston.
Feherke.
Just as a note, storing the password encrypted is just one step for the security. It should be also sent encrypted. I suggest to read Login System by Paul Johnston.
Feherke.
Remember that md5 is not encryption it is a hash function, so it's best to add a secret phrase to the password when you md5 it e.g. md5($password . "mysecretphrase");
You then have the issue of keeping your secret phrase secret !.
For most uses I would think md5 with a phrase will be suffiecnet to protect
You then have the issue of keeping your secret phrase secret !.
For most uses I would think md5 with a phrase will be suffiecnet to protect
Code:
function my_encrypt($string,$key) {
srand((double) microtime() * 1000000); //for sake of MCRYPT_RAND
$key = md5($key); //to improve variance
/* Open module, and create IV */
$td = mcrypt_module_open('des', '','cfb', '');
$key = substr($key, 0, mcrypt_enc_get_key_size($td));
$iv_size = mcrypt_enc_get_iv_size($td);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
/* Initialize encryption handle */
if (mcrypt_generic_init($td, $key, $iv) != -1) {
/* Encrypt data */
$c_t = mcrypt_generic($td, $string);
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
$c_t = $iv.$c_t;
return $c_t;
} //end if
}
MichealC4
Programmer
- Jun 26, 2003
- 457
As suggested above, I would highly recommend salting when using MD5 (or any hashing method for that matter). is something to look in to if you are doing anything serious (though there are others and other ways). It salts and makes the password/phrase pretty much impregnable to things like rainbow table attacks.
I would also highly recommend you don't use the same salt for each password/phrase. Once the salt is found, it is game over all over again. Using a different salt for each password/phrase hashing compartmentalizes each one so that the compromise of one salt won't mean all of them are compromised.
----------------------------
"Will work for bandwidth" - Thinkgeek T-shirt
I would also highly recommend you don't use the same salt for each password/phrase. Once the salt is found, it is game over all over again. Using a different salt for each password/phrase hashing compartmentalizes each one so that the compromise of one salt won't mean all of them are compromised.
----------------------------
"Will work for bandwidth" - Thinkgeek T-shirt
- Status
Similar threads