I was thinking and searching about this topic all day I am just curious, If you know whats the best way to crypt information and still be able to decrypt them later own safely Please let me know . And wouldn't other people be able to decrypt data just like I did ? Thanks in advance, Kind Regards, Issa Shamoun.
http://www.zimuel.it/blog/2011/01/strong-cryptography-in-php/ http://www.ibm.com/developerworks/opensource/library/os-php-encrypt/ http://www.phpbuilder.com/board/showthread.php?t=10326721
framework that most modern packages use. http://www.openwall.com/phpass/ office php pages over it. http://www.php.net/manual/en/function.crypt.php Make sure the password has a number (0-9), Symbol's, and at least 8 char's long. That the user does not hand out the password and that your mysql calls are secure too. function md5crypt($password){ $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZ'.'abcdefghijklmnopqrstuvwxyz0123456789+/'; $salt='$1$'; for($i=0; $i<9; $i++){ $salt.=$base64_alphabet[rand(0,63)]; } return crypt($password,$salt.'$'); } PHP: function md5crypt($password) { $salt = substr(str_replace('+', '.', base64_encode(pack('N4', mt_rand(), mt_rand(), mt_rand(), mt_rand()))), 0, 22); return crypt($password,$salt.'$'); } PHP:
You can use something like MD5(SHA1(MD5($password)))... Some people have MD5 Crackers, some people have SHA1 crackers but if you use the both together you can get good results...
try this one... function encrypt($pw) { $salt = sha1(strtotime('now')); $epw = md5($salt . md5($pw)); return $epw; } PHP:
Very helpful thank you for everyone who cared to post i think there is another which calls for mysql's function AES_ENCRYPT and AES_DECRYPT it is secure and it can be DECRYPTED easily.
You shouldn't encrypt your users' passwords in the traditional way, you should hash them. Hashing, via MD5, SHAx or SHAxxx hashes are one way and thus not reversible or 'decryptable'.
Are you sure they are safe ? i normally hash in SHA1 plus somebody suggested mixing hashes is this a good idea ? like md5(SHA1($var)); ?
So, why do you want to be able to decrypt the passwords? It adds a certain danger, and has got no additional value at all. If I were you, I would just hash the passwords, with both md5, and sha1. It is the safest.
The best way is to use one way hashing algorithms because nobody (not even you) can ever decrypt them. Some of one way hashing algos are: SHA-1, MD5, etc. And PHP has built in functions like md5(), sha1() for using them.
LoL? The best way is of course to create your own encryption functions. This way you'll be the only one who can decrypt the code.
the best way to encrypt your user password is add some salted string in user's password string, build a logic to add salt in user's password. ex. user password is "iamgreatcoder" then add special character after fourth character of the string, add some number in starting of the string etc... so, your string looks like "007iamg!@#reatcoder" After adding a salted string apply md5