2-way encryption in PHP
For most PHP applications, a 1-way hash such as md5 or sha1 is sufficient for storing passwords in a database. This is more secure, because passwords aren't stored in plaintext, and when a user types in a password to log in to the application, its hash is compared to the stored hash rather than to the actual password. A problem with this method is that there is no way to get the original password back. So if a user forgets their password, the only thing you can do is reset it (by generating a new one) and send them the new password.
Reasons you might need the original password:
- You are communicating with an external service such as Twitter
- It is more convenient for your users if you send them their original password (although this is slightly more insecure, because email is plain text and many users use the same password for multiple apps)
Built-in functions (requires mcrypt extension)
PHP has built-in functions for 2-way encryption, provided by the mcrypt extension. It supports DES, TripleDES, Blowfish (default), 3-WAY, SAFER-SK64, SAFER-SK128, TWOFISH, TEA, RC2 and GOST in CBC, OFB, CFB and ECB cipher modes, as well as RC6 and IDEA.
Example of usage:
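<?php
// Requires the mcrypt extension, which was removed from PHP core in 7.2.
$key = "your key";
$input = "data to be encrypted";
// Encrypt $input with Triple DES in ECB mode
$encrypted_data = mcrypt_ecb(MCRYPT_3DES, $key, $input, MCRYPT_ENCRYPT);
?>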
The following is a class written entirely in PHP that supports AES-128 2-way encryption. The nice part is that you don't need any external libraries to use it.
Here is an example:
<?php
require_once('aes128.php');
$aes = new aes128();
// build the cipher from a 16-character (128-bit) key
$cipher = $aes->makeKey("0123456789abcdef");
// encrypt data using above cipher
$encPassword = $aes->blockEncrypt("secretpass", $cipher);
// decrypt password using above cipher
$decPassword = $aes->blockDecrypt($encPassword, $cipher);
echo $decPassword;
?>
Download here
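The same encrypt/decrypt task on a current PHP, as an added example that is not part of the original post or the aes128 class: it uses the OpenSSL extension's AES-256-GCM, which randomizes each ciphertext and detects tampering, neither of which ECB mode does. The function names, the context label and the demo key are assumptions made for illustration; a real key would be loaded from somewhere outside the database.

```php
<?php
// Added example, not from the original post. Needs PHP >= 7.1 with the OpenSSL extension.
const CIPHER = 'aes-256-gcm';

// Returns base64(nonce || tag || ciphertext). $context (a hypothetical label) is
// authenticated but not stored, which binds the blob to one row or purpose.
function encryptSecret(string $plaintext, string $key, string $context): string
{
    if (strlen($key) !== 32) {
        throw new InvalidArgumentException('key must be exactly 32 random bytes');
    }
    $nonce = random_bytes(12);   // fresh per message; never reuse a nonce with the same key
    $tag = '';
    $ct = openssl_encrypt($plaintext, CIPHER, $key, OPENSSL_RAW_DATA, $nonce, $tag, $context, 16);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($nonce . $tag . $ct);
}

// Decrypts and authenticates; throws if the blob, key or context does not match.
function decryptSecret(string $blob, string $key, string $context): string
{
    $raw = base64_decode($blob, true);
    if ($raw === false || strlen($raw) < 28) {
        throw new RuntimeException('malformed ciphertext');
    }
    $nonce = substr($raw, 0, 12);
    $tag   = substr($raw, 12, 16);
    $ct    = substr($raw, 28);
    $pt = openssl_decrypt($ct, CIPHER, $key, OPENSSL_RAW_DATA, $nonce, $tag, $context);
    if ($pt === false) {
        throw new RuntimeException('authentication failed');
    }
    return $pt;
}

// Demo with constructed values (random key, made-up context label).
$key = random_bytes(32);
$context = 'user:42:twitter';
$a = encryptSecret('secretpass', $key, $context);
$b = encryptSecret('secretpass', $key, $context);
var_dump($a !== $b);   // same password encrypted twice: do the stored blobs differ?
var_dump(decryptSecret($a, $key, $context) === 'secretpass');   // round trip
try {
    decryptSecret($a, $key, 'user:43:twitter');   // blob copied onto another user's row
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```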
6 comments
There are some encryption add-ons for PHP, whirlpool is my favorite!
The external password use is the *only* valid reason to store any password in an unsafe manner.
Using a 2-way encryption is only marginally safer than just storing it in your database in plaintext, because if your database is compromised, likely your key is as well. Passwords should *never* be sent via email. Instead, a one-time use session key should be sent to allow a user to authenticate one-time via email, and change their password via the normal processes in your webapp. 2-way encryption should only be used when absolutely mandatory.