|
PHP - Php Equivalent For Java Triple Des Encryption/decryption
Hi All,
Am trying to decrypt a key encrypted by Java Triple DES function using PHP mcrypt function but with no luck. Find below the java code Code: [Select] package com.wipro; import javax.crypto.Cipher; import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.SecretKeySpec; public class Encrypt3DES { private byte[] key; private byte[] initializationVector; public Encrypt3DES(){ } public String encryptText(String plainText, String key) throws Exception{ //---- Use specified 3DES key and IV from other source -------------- byte[] plaintext = plainText.getBytes(); byte[] myIV = key.getBytes(); byte[] tdesKeyData = {(byte)0xA2, (byte)0x15, (byte)0x37, (byte)0x08, (byte)0xCA, (byte)0x62, (byte)0xC1, (byte)0xD2, (byte)0xF7, (byte)0xF1, (byte)0x93, (byte)0xDF, (byte)0xD2, (byte)0x15, (byte)0x4F, (byte)0x79, (byte)0x06, (byte)0x67, (byte)0x7A, (byte)0x82, (byte)0x94, (byte)0x16, (byte)0x32, (byte)0x95}; Cipher c3des = Cipher.getInstance("DESede/CBC/PKCS5Padding"); SecretKeySpec myKey = new SecretKeySpec(tdesKeyData, "DESede"); IvParameterSpec ivspec = new IvParameterSpec(myIV); c3des.init(Cipher.ENCRYPT_MODE, myKey, ivspec); byte[] cipherText = c3des.doFinal(plaintext); sun.misc.BASE64Encoder obj64=new sun.misc.BASE64Encoder(); return obj64.encode(cipherText); } public String decryptText(String encryptText, String key) throws Exception{ byte[] initializationVector = key.getBytes(); byte[] tdesKeyData = {(byte)0xA2, (byte)0x15, (byte)0x37, (byte)0x08, (byte)0xCA, (byte)0x62, (byte)0xC1, (byte)0xD2, (byte)0xF7, (byte)0xF1, (byte)0x93, (byte)0xDF, (byte)0xD2, (byte)0x15, (byte)0x4F, (byte)0x79, (byte)0x06, (byte)0x67, (byte)0x7A, (byte)0x82, (byte)0x94, (byte)0x16, (byte)0x32, (byte)0x95}; byte[] encData = new sun.misc.BASE64Decoder().decodeBuffer(encryptText); Cipher decipher = Cipher.getInstance("DESede/CBC/PKCS5Padding"); SecretKeySpec myKey = new SecretKeySpec(tdesKeyData, "DESede"); IvParameterSpec ivspec = new IvParameterSpec(initializationVector); decipher.init(Cipher.DECRYPT_MODE, myKey, ivspec); byte[] plainText = decipher.doFinal(encData); return new String(plainText); } } Kindly help me find out an equivalent PHP code to decrypt. Regards Ranju Similar TutorialsI am trying to decrypt a code encrypted with XTEA. I have been using a script found here, http://goo.gl/xCpgs and it works within its own encrypt/decrypt example. The problem is that it will not decrypt a code given to me by my client. In the code examples description it says the "key" is 16 characters, but the key I have from my client is 32 characters so I think this may be part of the problem, but I cannot find out in the code how to make it work with a 32 char key (if that is even the issue). Below is the class from the link above and below that are sample encrypt and decrypt strings. If anyone can provide help or a better solution, it is greatly appreciated. My guess is that it is only allowing 16 of my 32 char key. I tried to use a 32 char key, but the code still seemed to only want 16. Help! I also read something about XTEA only working within the same code language each side of the crypt was made. Can anyone validate this? Code: [Select] <?php /* PHP Implementation of XTEA (www.php-einfach.de) * * XTEA was designed in 1997 by David Wheeler and Roger Needham * of the Cambridge Computer Laboratory. * It is not subject to any patents. * * It is a 64-bit Feistel cipher, consisting of 64 rounds. * XTA has a key length of 128 bits. * * * *********************** * Diese Implementierung darf frei verwendet werden, der Autor uebernimmt keine * Haftung fuer die Richtigkeit, Fehlerfreiheit oder die Funktionsfaehigkeit dieses Scripts. * Benutzung auf eigene Gefahr. * * Ueber einen Link auf www.php-einfach.de wuerden wir uns freuen. * * ************************ * Usage: * * include("xtea.class.php"); * * $xtea = new XTEA("secret Key"); * $cipher = $xtea->Encrypt("Hello World"); //Encrypts 'Hello World' * $plain = $xtea->Decrypt($cipher); //Decrypts the cipher text * * echo $plain; * */ class XTEA { //Private var $key; // CBC or ECB Mode // normaly, CBC Mode would be the right choice var $cbc = 1; function XTEA($key) { $this->key_setup($key); } //encrypt function encrypt($text) { $n = strlen($text); if($n%8 != 0) $lng = ($n+(8-($n%8))); else $lng = 0; $text = str_pad($text, $lng, ' '); $text = $this->_str2long($text); //Initialization vector: IV if($this->cbc == 1) { $cipher[0][0] = time(); $cipher[0][1] = (double)microtime()*1000000; } $a = 1; for($i = 0; $i<count($text); $i+=2) { if($this->cbc == 1) { //$text with last ciphertext XOR //$text is XORed with the previous ciphertext $text[$i] ^= $cipher[$a-1][0]; $text[$i+1] ^= $cipher[$a-1][1]; } $cipher[] = $this->block_encrypt($text[$i],$text[$i+1]); $a++; } $output = ""; for($i = 0; $i<count($cipher); $i++) { $output .= $this->_long2str($cipher[$i][0]); $output .= $this->_long2str($cipher[$i][1]); } return base64_encode($output); } //decipher function decrypt($text) { $plain = array(); $cipher = $this->_str2long(base64_decode($text)); if($this->cbc == 1) $i = 2; //Message start at second block else $i = 0; //Message start at first block for($i; $i<count($cipher); $i+=2) { $return = $this->block_decrypt($cipher[$i],$cipher[$i+1]); //Xor Linkage of $return and ciphertext from the last two blocks or sections //XORed $return with the previous ciphertext if($this->cbc == 1) $plain[] = array($return[0]^$cipher[$i-2],$return[1]^$cipher[$i-1]); else //EBC Mode $plain[] = $return; } for($i = 0; $i<count($plain); $i++) { $output .= $this->_long2str($plain[$i][0]); $output .= $this->_long2str($plain[$i][1]); } return $output; } //Prepare the key to decrypt ver / front function key_setup($key) { if(is_array($key)) $this->key = $key; else if(isset($key) && !empty($key)) $this->key = $this->_str2long(str_pad($key, 16, $key)); else $this->key = array(0,0,0,0); } //Performs a benchmark function benchmark($length=1000) { //1000 Byte String $string = str_pad("", $length, "text"); //Key-Setup $start1 = time() + (double)microtime(); $xtea = new XTEA("key"); $end1 = time() + (double)microtime(); //Encryption $start2 = time() + (double)microtime(); $xtea->Encrypt($string); $end2 = time() + (double)microtime(); echo "Encrypting ".$length." bytes: ".round($end2-$start2,2)." seconds (".round($length/($end2-$start2),2)." bytes/second)<br>"; } //verify the correct implementation of the blowfish algorithm function check_implementation() { $xtea = new XTEA(""); $vectors = array( array(array(0x00000000,0x00000000,0x00000000,0x00000000), array(0x41414141,0x41414141), array(0xed23375a,0x821a8c2d)), array(array(0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f), array(0x41424344,0x45464748), array(0x497df3d0,0x72612cb5)), ); //Correct implementation? $correct = true; //Test vectors, see http://www.schneier.com/code/vectors.txt foreach($vectors AS $vector) { $key = $vector[0]; $plain = $vector[1]; $cipher = $vector[2]; $xtea->key_setup($key); $return = $xtea->block_encrypt($vector[1][0],$vector[1][1]); if((int)$return[0] != (int)$cipher[0] || (int)$return[1] != (int)$cipher[1]) $correct = false; } return $correct; } /*********************************** Some internal functions ***********************************/ function block_encrypt($y, $z) { $sum=0; $delta=0x9e3779b9; /* start cycle */ for ($i=0; $i<32; $i++) { $y = $this->_add($y, $this->_add($z << 4 ^ $this->_rshift($z, 5), $z) ^ $this-> _add($sum, $this->key[$sum & 3])); $sum = $this->_add($sum, $delta); $z = $this->_add($z, $this->_add($y << 4 ^ $this->_rshift($y, 5), $y) ^ $this->_add($sum, $this->key[$this->_rshift($sum, 11) & 3])); } /* end cycle */ $v[0]=$y; $v[1]=$z; return array($y,$z); } function block_decrypt($y, $z) { $delta=0x9e3779b9; $sum=0xC6EF3720; $n=32; /* start cycle */ for ($i=0; $i<32; $i++) { $z = $this->_add($z, -($this->_add($y << 4 ^ $this->_rshift($y, 5), $y) ^ $this->_add($sum, $this->key[$this->_rshift($sum, 11) & 3]))); $sum = $this->_add($sum, -$delta); $y = $this->_add($y, -($this->_add($z << 4 ^ $this->_rshift($z, 5), $z) ^ $this->_add($sum, $this->key[$sum & 3]))); } /* end cycle */ return array($y,$z); } function _rshift($integer, $n) { // convert to 32 bits if (0xffffffff < $integer || -0xffffffff > $integer) { $integer = fmod($integer, 0xffffffff + 1); } // convert to unsigned integer if (0x7fffffff < $integer) { $integer -= 0xffffffff + 1.0; } elseif (-0x80000000 > $integer) { $integer += 0xffffffff + 1.0; } // do right shift if (0 > $integer) { $integer &= 0x7fffffff; // remove sign bit before shift $integer >>= $n; // right shift $integer |= 1 << (31 - $n); // set shifted sign bit } else { $integer >>= $n; // use normal right shift } return $integer; } function _add($i1, $i2) { $result = 0.0; foreach (func_get_args() as $value) { // remove sign if necessary if (0.0 > $value) { $value -= 1.0 + 0xffffffff; } $result += $value; } // convert to 32 bits if (0xffffffff < $result || -0xffffffff > $result) { $result = fmod($result, 0xffffffff + 1); } // convert to signed integer if (0x7fffffff < $result) { $result -= 0xffffffff + 1.0; } elseif (-0x80000000 > $result) { $result += 0xffffffff + 1.0; } return $result; } //Einen Text in Longzahlen umwandeln //Covert a string into longinteger function _str2long($data) { $n = strlen($data); $tmp = unpack('N*', $data); $data_long = array(); $j = 0; foreach ($tmp as $value) $data_long[$j++] = $value; return $data_long; } //Longzahlen in Text umwandeln //Convert a longinteger into a string function _long2str($l){ return pack('N', $l); } } ?> Hi, Im using this code: Code: [Select] function encryptdata($data_input,$key){ $td = mcrypt_module_open('cast-256', '', 'ecb', ''); $iv = mcrypt_create_iv (mcrypt_enc_get_iv_size($td), MCRYPT_RAND); mcrypt_generic_init($td, $key, $iv); $encrypted_data = mcrypt_generic($td, $data_input); mcrypt_generic_deinit($td); mcrypt_module_close($td); $encoded_64=base64_encode($encrypted_data); return $encoded_64; } function decryptdata($encoded_64,$key){ $decoded_64=base64_decode($encoded_64); $td = mcrypt_module_open('cast-256', '', 'ecb', ''); $iv = mcrypt_create_iv (mcrypt_enc_get_iv_size($td), MCRYPT_RAND); mcrypt_generic_init($td, $key, $iv); $decrypted_data = mdecrypt_generic($td, $decoded_64); mcrypt_generic_deinit($td); mcrypt_module_close($td); return $decrypted_data; } To try to encrypt and decrypt some data, However the decrypted password has the first 2 letters missing. Whatever length string i put in its always the first 2 letters that go missing. I have tried multiple pieces of code over the internet with the exact same problem. Example: (Original Password, Encrypted Password, Decrypted Password) BEBw3nJ9rT y3CdmtNeTmhO3Jrq/00YOA== Bw3nJ9rT Any help? Thanks. P.s Yes i am using the same key for the encryption and decryption. Just wondering if anyone knew of one? I have been looking for ages but can't find what I need. In java: Code: [Select] public class Test { public static void main(String[] args) { System.out.println((byte)0xff); } } Outputs: Code: [Select] -1 I've tried things like <?php $var = pack('H', 0xff); echo $var; ?> But that doesn't output anything Hi, I am converting XML to DB and was wondering is it bad XML structure to have twin siblings (or triplets or identical siblings in general), what I mean is: eg: <email> <to> <toFirstName>John</toFirstName> <toLastName type="common">Smith</toLastName> </to> <to> <toFirstName>Jack</toFirstName> <toLastName type="unique">Dravisone</toLastName> </to> </email> Any help much appreciated! Hello everyone, I am trying triple drop down menu first and second menus are working but third one is not working and also the data is not being displayed on the webpage even though I have used "echo" command.. I am unsure what is the problem and how to correct it. So I am attaching my code in this email, could you please look into it and help me with it. I have 1st drop menu for State : Tennessee Alabama Georgia 2nd Drop down list for County: Anderson Bredford Benton 3rd Drop down list for Genus Acer Aristida Eg: Tennnesse -> Anderson, Bredford, Benton and Anderson -> Acer, Aristida and when I select Tennesse->Anderson->Acer it has to display all the information of the table based on these selected values. Could you please help me with this. This is my link for the complete code http://pastebin.com/vvLrpCcr The execution link is http://sozog.utc.edu/~tdv131/MYSQL/genus1c.htm This topic has been moved to Ajax Help. http://www.phpfreaks.com/forums/index.php?topic=328006.0 hello dear php-experts,
well i want to do some data-saving in the next few days. i have some data amount to store in a mysql-db.
well i am pretty sure this is a easy question for php-freaks
the question is: from plain-text to mysql-db: how to store a triple / array? how to store this data into a mysql-db have a dataset of 10 000 lines: {'data_1': 'data_2', 'data_3': 'data_4', 'data_5': 'data_6', 'data_7': 'data_8'}
how to store this dataset into the mysql db ? love to hear from you greetings This topic has been moved to Ajax Help. http://www.phpfreaks.com/forums/index.php?topic=331067.0 Is there an equivalent to * (any) in a $_SESSION? Something like this: foreach ($_SESSION['cart']['content'][*]['Large'] as $content) { Hi, i would like to translate this code to request the url http://www.google.com and get header response with file_get_contents into cUrl command. This is the file_get_contents version :
<?php
$options = array( 'http' => array(
'user_agent' => $_SERVER['HTTP_USER_AGENT'],
'max_redirects' => 7,
'timeout' => 120,
'follow_location' => false
) );
$context = stream_context_create( $options );
$page = @file_get_contents( 'http://www.google.com', false, $context );
print_r($http_response_header);
echo $page;
?>
Now, i have tried to translate it using cUrl with the code below but i don't get the same result, for example $http_response_header is void and you can test it yourself to see the difference :
<?php $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, 'http://www.google.com'); curl_setopt($ch, CURLOPT_RETURNTRANSFER, false); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false); $page = curl_exec($ch); curl_close($ch); print_r($http_response_header); echo $page; ?>Thank you. Code: [Select] <?php error_reporting(0); $email = ""; $password = ""; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "https://www.myspace.com/auth/login"); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_USERAGENT, 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729)'); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, 'formLocation=splashForm&captchaHandler=%2FModules%2FPageEditor%2FHandlers%2FLogin%2F%7B0%7D.ashx&captchaResponse=&hash=MIGcBgkrBgEEAYI3WAOggY4wgYsGCisGAQQBgjdYAwGgfTB7AgMCAAECAmYDAgIAwAQIWWaRadlhotEEEA15tDCUhuiBjy8nd6RN3nEEUOoYRIpPoA1uOadO5d%252bIlVuABvbaJHaznd%252fYWuR4TWNS2GUAl1G3GQZjRPA3SL%252fUrRZuPbiFT3fBtQzYnvOaR1sP8KzrzVcLGCeUlIObGSsg&SMSVerifiedCookieToken=&NextPage=&js=1&Email='.urlencode($email).'&Password='.urlencode($password).'&Remember=true&loginBtn='); curl_setopt($ch, CURLOPT_REFERER,'http://www.myspace.com/index.cfm?fuseaction=splash'); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_COOKIEFILE, 'login.txt'); curl_setopt($ch, CURLOPT_COOKIEJAR, 'login.txt'); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST,0); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_VERBOSE, 0); file_put_contents('output.txt', curl_exec($ch)); curl_setopt($ch, CURLOPT_URL, "http://www.myspace.com/games/play/104283"); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_USERAGENT, 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729)'); curl_setopt($ch, CURLOPT_POST, 0); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_COOKIEFILE, 'login.txt'); curl_setopt($ch, CURLOPT_COOKIEJAR, 'login.txt'); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST,0); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $output2=curl_exec($ch); if(stristr($output2, 'render.app#')){ preg_match('/\sid="apppanel_104283_canvas".*?render.app#([^&]+).*?viewerId=([0-9]+)/is', $output2, $matches); $GameLink = "http://api.msappspace.com/apprendering/104283/canvas/04082011040014/1_0_0/render.app#".$matches[1]; echo '<font style="BACKGROUND-COLOR: 15317E"><a href="'.$GameLink.'"><font color="white">'.$email.'</font>'; } sleep(1000); curl_close($ch); ?> I know this is possible to do the same exact thing with fsockopen, but I cannot get it for the life of me, any help is appreciated Hi Guys
I am fairly new to php, I am trying to build a registration form but I am struggling with encrypting the password (I will also be salting the password at a later stage to make it more secure).
The below line of code encrypts the password but saves the values as the values states in the code e.g password saves as 'pass'
$q = "INSERT INTO users (first_name,last_name,email,pass,registration_date) VALUES ('first_name','last_name','email', SHA1('pass'), NOW())";
The below code saves all the values that the user inputs xcept the password which is blank and the message 'Undefined index: SHA1('pass')' is returned
$q = "INSERT INTO users (first_name,last_name,email,pass,registration_date) VALUES ('".$_POST["first_name"]."','".$_POST["last_name"]."','".$_POST["email"]."','".$_POST["SHA1('pass')"]."', NOW())";
I am hoping someone may be able to help me as I have no idea how to fix this. Thank you in advance
Hi Guys,
First off, not sure if this is the correct area to post. My question is a little bit mixed, including SQL and PHP.
I'm building a basic private messaging system, and planned to use PHP, SQL for the storage, and a little bit of JS on the client. I'm a little confused when it comes to encryption though. My understanding with user password encryption is that the password is stored in the database as a hash, and then a user sent password is compared to the original hash for verification. I've implemented this successfully using password_verify() and password_hash() functions, and I'm pretty sure it's working fine.
However, my big question is in regards to the storage of message data. As far as I can tell, this system won't work, it's really only suitable for password verification because the hash can't really be reverted to the original data, it can only be compared? How should I go about encrypting message data? Is it possible? If I open up a SQL database containing private message data on a server, I don't want to be able to read the contents.
Any help would be greatly appreciated!
I seen the sticky but that didn't have my answer and no place I go is really answering my core question. This just doesn't make sense in my brain, how is using md5 safe. What if someone got say an encrypted pass. The code md5 uses is available to anyone, no? So if they got a hold of it how is it not as easily cracked as it is encrypted. Someone please explain this to me lol, it's like a thorn in my brain. Hi guys, i'm new to this forum, and a junior php guy.
i need to encrypt a google address like this:
https://redirector.g...=web&cver=html5
i use picasa for my client to store car video etc to show and i want embed in iframe with a jwplayer that i'm customizing.
i see some sample that transform a address like this https://redirector.g...=web&cver=html5 in something like this --> http:\/\/r20---googlevideo.com\/picasa\/redirect.php?encrypt=0f10fd0fd0f90c30b80b80fb0ee0ed0f20fb0ee0ec0fd0f80fb0b70f00f80f80f00f50ee0ff0f20ed0ee0f80b70ec0f80f60b80ff0f20ed0ee0f80f90f50ea1020eb0ea0ec0f40c80f20ed0c60bc0bc0bc0be0c00bb0c00c00c10ed0bf0ed0ee0b90bb0bb0af0f20fd0ea0f00c60bb0bb0af0fc0f80fe0fb0ec0ee0c60f90f20ec0ea0fc0ea0af0ec0f60f80c60fc0ee0f70fc0f20fd0f20ff0ee0e80ec0f80f70fd0ee0f70fd0ae0bc0cd1020ee0fc0af0f20f90c60b90b70b90b70b90b70b90af0f20...etc etc...
i see that there is a redirect.php?encrypt=....... how i can do that?
Thanks in advance 'cause frankly speaking i don't know also what i must search on google.
Hey, I'm a bit stuck. I'm looking for a simple yet secure way to encrypt a string (not hash, I need to retrieve it later) so that I can store legally sensitive data which I need to use again later. I am aware that any kind of reversable data is by nature not properly secure, but it's not my decision. I'd rather see if there's a pre-built function or class for this rather than just writing my own, which wouldn't be too good Thanks in Advance Gareth I would like to add md5 encryption into the create and login functions but I'm having difficulties with the process. user.php - create user and login functions Code: [Select] <?php function create_user($params) { db_connect_posts(); $query = sprintf("INSERT INTO users SET users.screen_name = '%s', users.user_email = '%s', users.user_pwd = '%s', users.image = '%s', created_at = NOW()" , mysql_real_escape_string($params['screen_name']), mysql_real_escape_string($params['user_email']), mysql_real_escape_string($params['user_pwd']), mysql_real_escape_string($params['image']) ); $result = mysql_query($query); if(!$result) { return false; } else { return true; } } function login($username, $password) { db_connect_posts(); $query = sprintf("SELECT * FROM users WHERE user_email = '%s' AND user_pwd = '%s'" , mysql_real_escape_string($username), mysql_real_escape_string($password) ); $result = mysql_query($query); $number_of_posts = mysql_num_rows($result); if($number_of_posts == 0) { return false; } $row = mysql_fetch_array($result); $_SESSION['user'] = $row; return true; } ?> Register form: Code: [Select] <form action="<?php echo '/'.APP_ROOT.'/'; ?>sessions/signup" method="post"> <fieldset> <legend>Register</legend> <div> <label>Screen Name</label> <input name="user[screen_name]" size="40" type="text" /> </div> <div> <label>E-mail</label> <input name="user[user_email]" size="40" type="text" /> </div> <div> <label>Password</label> <input name="user[user_pwd]" size="40" type="password" /> </div> <div> <label>Image</label> <input name="user[image]" size="40" type="text" /> </div> <input type="submit" name="Register" value="Register" /> </fieldset> </form> Login form: Code: [Select] <form action="<?php echo '/'.APP_ROOT.'/'; ?>sessions/login_user" method="post"> <fieldset> <legend>Login</legend> <div> <label>E-mail</label> <input name="user[user_email]" size="40" type="text" /> </div> <div> <label>Password</label> <input name="user[user_pwd]" size="40" type="password" /> </div> <input type="submit" value="Login" /> </fieldset> </form> Dear All respective friend, I'm asking for help. during I know how to code in php. I alway use md5() but I had some problem with abit. can anyone introduce me with persona code encryption without using md5()? Your ideal are very important to me especially small example code. Looking forward from you soon. Kindly Regards, Steve. Hy 2 all, I have some questions about password security that I haven't been able to find an answer yet. Hopefully you guys know. Here it goes: 1. Is it better to hash(sha2) the password and then salt it or salt it and than hash it ? 2. I'm guessing that using a random salt is better than the same salt used for every password. 3. How can you generate a different random salt for each password ? I mean how will the login page know which random salt to mix with the hashed user inserted password and then to compare it with the password stored in the db. (an example would be great(for both: generating and authentication) 4. I saw some codes in which the salt and/or hash and/or password was split into two (ex: hash.salt1a.password.salt1b or password1a.salt.password1b or salt.hash1a.password.hash1b etc.) Is this a good idea ? Is it really more secure ? If so which would be more secure (splitting the password, the hash or the salt) ? 5. Is double hashing (ex: (sha1(md5($password))) any good ? 6. I've been reading something about password salt and pepper ?? What exactly is pepper ? Is it some sort of second salt ? If somebody could enlighten me about these questions, that would be great. Thanks in advance! I am looking for a way to encrypt a string using PKCS7. I have seen openssl_pkcs7_encrypt() but this involves the creation of temporary files which I don't really need. Is there a way to do this? |
|||||||