Take a look at http://php.net/manual/en/function.crypt.php
If you scroll down about 1/3, you should see the heading: Example #3 Using crypt() with different hash types
. Hopefully this will help! and your salt should be fine!
Вопрос
Possible Duplicate:
Best way to use PHP to encrypt and decrypt passwords?
I've been doing a lot with PHP recently and want to make my first login/registration system. As such I've been doing a lot of reading online to figure out the best method(s) for doing this. I've come across a couple of guides and I'm confused on a few instances and I'd like to be sure before I start down this road.
My question is how exactly do I use blowfish? I've read that crypt() will auto select blowfish if an appropriate salt is provided. If that is the case, What makes a salt blowfish appropriate?
Right now, I have a script that makes a salt out of the date and time, a random number, then hash that for the salt. Is that something I can use with blowfish or not?
Решение 2
Take a look at http://php.net/manual/en/function.crypt.php
If you scroll down about 1/3, you should see the heading: Example #3 Using crypt() with different hash types
. Hopefully this will help! and your salt should be fine!
Другие советы
In short: don't build it yourself. Use a library.
In PHP 5.5, there will be a new API available to make this process easier on you. Here's the RFC for it.
I've also created a backwards-compatibility library for it here: password-compat:
$hash = password_hash($password, PASSWORD_BCRYPT);
And then to verify:
if (password_verify($password, $hash)) {
/* Valid */
} else {
/* Invalid */
}
And if you want another library, check out phpass
In short, don't do it yourself. There's no need. Just import the library and be done with it...
Try this - its untested, I just whipped it up to show how to use the BLOWFISH algo with PHP
<?php
class cipher {
private static $mode = 'MCRYPT_BLOWFISH';
private static $key = 'q!2wsd#45^532dfgTgf56njUhfrthu&^&ygsrwsRRsf';
public static function encrypt($buffer){
$iv = mcrypt_create_iv(mcrypt_get_iv_size(constant(self::$mode), MCRYPT_MODE_ECB), MCRYPT_RAND);
$passcrypt = mcrypt_encrypt(constant(self::$mode), self::$key, $buffer, MCRYPT_MODE_ECB, $iv);
$encode = base64_encode($passcrypt);
return $encode;
}
public static function decrypt($buffer){
$decoded = base64_decode($buffer);
$iv = mcrypt_create_iv(mcrypt_get_iv_size(constant(self::$mode), MCRYPT_MODE_ECB), MCRYPT_RAND);
$decrypted = mcrypt_decrypt(constant(self::$mode), self::$key, $decoded, MCRYPT_MODE_ECB, $iv);
return $decrypted;
}
}
?>
IMPORTANT!! CHANGE THE $key VALUE TO ANOTHER RANDOM STRING!
Usage:
To Encrypt:
$mystring = 'a quick brown fox jumped over the lazy llama'; $mystring = cipher::encrypt($mystring);
To Decrypt:
$mystring = cipher::decrypt($myencryptedstring);