Exactly how do I use blowfish in PHP? [duplicate]

Question

This question already has answers here:

Two-way encryption: I need to store passwords that can be retrieved (8 answers)

Closed 8 years ago.

Possible Duplicate:
Best way to use PHP to encrypt and decrypt passwords?

I've been doing a lot with PHP recently and want to make my first login/registration system. As such I've been doing a lot of reading online to figure out the best method(s) for doing this. I've come across a couple of guides and I'm confused on a few instances and I'd like to be sure before I start down this road.

My question is how exactly do I use blowfish? I've read that crypt() will auto select blowfish if an appropriate salt is provided. If that is the case, What makes a salt blowfish appropriate?

Right now, I have a script that makes a salt out of the date and time, a random number, then hash that for the salt. Is that something I can use with blowfish or not?

Answer 1

Take a look at http://php.net/manual/en/function.crypt.php

If you scroll down about 1/3, you should see the heading: Example #3 Using crypt() with different hash types. Hopefully this will help! and your salt should be fine!

Answer 2

In short: don't build it yourself. Use a library.

In PHP 5.5, there will be a new API available to make this process easier on you. Here's the RFC for it.

I've also created a backwards-compatibility library for it here: password-compat:

$hash = password_hash($password, PASSWORD_BCRYPT);

And then to verify:

if (password_verify($password, $hash)) {
    /* Valid */
} else {
    /* Invalid */
}

And if you want another library, check out phpass

In short, don't do it yourself. There's no need. Just import the library and be done with it...

Answer 3

Try this - its untested, I just whipped it up to show how to use the BLOWFISH algo with PHP

<?php
class cipher {
private static $mode = 'MCRYPT_BLOWFISH';
private static $key = 'q!2wsd#45^532dfgTgf56njUhfrthu&^&ygsrwsRRsf';

public static function encrypt($buffer){
    $iv                 = mcrypt_create_iv(mcrypt_get_iv_size(constant(self::$mode), MCRYPT_MODE_ECB), MCRYPT_RAND); 
    $passcrypt  = mcrypt_encrypt(constant(self::$mode), self::$key, $buffer, MCRYPT_MODE_ECB, $iv); 
    $encode         = base64_encode($passcrypt); 
    return $encode; 
}

public static function decrypt($buffer){
    $decoded        = base64_decode($buffer); 
    $iv                 = mcrypt_create_iv(mcrypt_get_iv_size(constant(self::$mode), MCRYPT_MODE_ECB), MCRYPT_RAND); 
    $decrypted  = mcrypt_decrypt(constant(self::$mode), self::$key, $decoded, MCRYPT_MODE_ECB, $iv);
    return $decrypted;
}
}
?>

IMPORTANT!! CHANGE THE $key VALUE TO ANOTHER RANDOM STRING!

Usage:

To Encrypt:

$mystring = 'a quick brown fox jumped over the lazy llama'; $mystring = cipher::encrypt($mystring);

To Decrypt:

$mystring = cipher::decrypt($myencryptedstring);