Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
crypt, encrypt, and decrypt problem 1
- Thread starter minsan
- Start date
-
1
- #2
crypt is a one way algorithm very much like md5 but utilizes STANDARD DES, EXTENDED DES, MD5, AND BLOWFISH with a salt and no public/private key pairs.
If you want two way encryption schemes, you must either create your own (can be quite tedious), or you can use mcrypt_xxx(). mcrypt_xxx() support has to be configured for PHP. You can check to see if you have it by using phpinfo();
If you do have mcrypt, you can do this to see what your algorithm names are:
<HTML>
<HEAD>
<TITLE>mcrypt_get_cipher_name</TITLE>
</HEAD>
<BODY>
<?
//create array of encryption algorithms
$algorithm = array(3DES, 3WAY, BLOWFISH_128, BLOWFISH_192, BLOWFISH_256,BLOWFISH_448, CAST_128, CAST_256, DES, GOST, IDEA, LOKI97,RC2_1024, RC2_128, RC2_256, RC4, RC6_128, RC6_192, RC6_256,RIJNDAEL_128, RIJNDAEL_192, RIJNDAEL_256, SAFERPLUS,SAFER_128, SAFER_64, SERPENT_128, SERPENT_192, SERPENT_256,TWOFISH_128, TWOFISH_192, TWOFISH_256, XTEA);
echo "<TABLE BORDER=\"1\">\n";
echo " <TR>\n";
echo " <TH>Name</TH>\n";
echo " <TH>Block Size</TH>\n";
echo " <TH>Key Size</TH>\n";
echo " </TR>\n";
//loop over each one
foreach($algorithm as $value){
echo " <TR>\n";
echo " <TD>" . mcrypt_get_cipher_name($value) . "</TD>";
echo " <TD>" . mcrypt_get_block_size($value) . "</TD>";
echo " <TD>" . mcrypt_get_key_size($value) . "</TD>";
echo " </TR>\n";
}
echo "</TABLE>\n";
?>
</BODY>
</HTML>
Chad. ICQ: 54380631
If you want two way encryption schemes, you must either create your own (can be quite tedious), or you can use mcrypt_xxx(). mcrypt_xxx() support has to be configured for PHP. You can check to see if you have it by using phpinfo();
If you do have mcrypt, you can do this to see what your algorithm names are:
<HTML>
<HEAD>
<TITLE>mcrypt_get_cipher_name</TITLE>
</HEAD>
<BODY>
<?
//create array of encryption algorithms
$algorithm = array(3DES, 3WAY, BLOWFISH_128, BLOWFISH_192, BLOWFISH_256,BLOWFISH_448, CAST_128, CAST_256, DES, GOST, IDEA, LOKI97,RC2_1024, RC2_128, RC2_256, RC4, RC6_128, RC6_192, RC6_256,RIJNDAEL_128, RIJNDAEL_192, RIJNDAEL_256, SAFERPLUS,SAFER_128, SAFER_64, SERPENT_128, SERPENT_192, SERPENT_256,TWOFISH_128, TWOFISH_192, TWOFISH_256, XTEA);
echo "<TABLE BORDER=\"1\">\n";
echo " <TR>\n";
echo " <TH>Name</TH>\n";
echo " <TH>Block Size</TH>\n";
echo " <TH>Key Size</TH>\n";
echo " </TR>\n";
//loop over each one
foreach($algorithm as $value){
echo " <TR>\n";
echo " <TD>" . mcrypt_get_cipher_name($value) . "</TD>";
echo " <TD>" . mcrypt_get_block_size($value) . "</TD>";
echo " <TD>" . mcrypt_get_key_size($value) . "</TD>";
echo " </TR>\n";
}
echo "</TABLE>\n";
?>
</BODY>
</HTML>
Chad. ICQ: 54380631
- Thread starter
- #3
Yep. If you are using encryption for password, you won't need to decrypt them.
There are a number of ways you can do this, but here is one scenario:
Login:
username: chad
password: mypass
Verification:
$private_key = "fsdafdsafjdksalfjdsa";
$q = "SELECT COUNT(*) as found FROM users WHERE username='$username' AND password=ENCRYPT($password,$private_key)";
$r = mysql_query($q);
$c = mysql_fetch_array($r);
if($c["found"] > 0) {
......and stuff here for success
}
else {
......and stuff here for failure.
}
basically, MySQL's ENCRYPT(STR,SALT); uses UNIX crypt(). When a user registers, we insert the user information into the table using the same ENCRYPT() function for the password (making sure to use the same salt as well). Now we just have to see if the username and encrypted passwords match.
Really, you should only use bi-directional encryption if you require the passing of data to and from different sources where the other source has to be able to decrypt the data to read it.
md5 and the other algorithms used by crypt (which MySQL's ENCRYPT() function uses), have been proven to be 99.99% hack free as long as you use a good salt.
Chad. ICQ: 54380631
There are a number of ways you can do this, but here is one scenario:
Login:
username: chad
password: mypass
Verification:
$private_key = "fsdafdsafjdksalfjdsa";
$q = "SELECT COUNT(*) as found FROM users WHERE username='$username' AND password=ENCRYPT($password,$private_key)";
$r = mysql_query($q);
$c = mysql_fetch_array($r);
if($c["found"] > 0) {
......and stuff here for success
}
else {
......and stuff here for failure.
}
basically, MySQL's ENCRYPT(STR,SALT); uses UNIX crypt(). When a user registers, we insert the user information into the table using the same ENCRYPT() function for the password (making sure to use the same salt as well). Now we just have to see if the username and encrypted passwords match.
Really, you should only use bi-directional encryption if you require the passing of data to and from different sources where the other source has to be able to decrypt the data to read it.
md5 and the other algorithms used by crypt (which MySQL's ENCRYPT() function uses), have been proven to be 99.99% hack free as long as you use a good salt.
Chad. ICQ: 54380631
- Status
Similar threads
- Locked
- Question
