0

I'm trying to create a two-way encryption algorithm for my users' passwords. I need it to be encrypted, but without the preset encrypt pass (what I set) (salt?) the original password cannot be decrypted.

Daniel
  • 1
    Encrypted data can always be decrypted when using the same key. That’s the [definition of encryption](http://en.wikipedia.org/wiki/Encryption). I guess you rather mean [cryptographic hashing](http://en.wikipedia.org/wiki/Cryptographic_hash_function). – Gumbo Sep 21 '10 at 09:45

4 Answers

3

For two-way encryption, this is called a "key", not a "salt". Check out the mcrypt functions.

user187291
  • 1
    I'm going to be using this on multiple servers/sites running PHP. Most do not have that extension installed. It'd be hard to update every server/site as well. – Daniel Sep 21 '10 at 09:38
  • I need something that's built into PHP. – Daniel Sep 21 '10 at 10:10
  • I'm simply looking for a couple of functions I can use to encode and decode a hash. I want a hash to be decodable only if the correct key was used (the one inputted when encoding). – Daniel Sep 21 '10 at 11:25
2

It sounds like you want to use one-way, cryptographic hashing rather than two-way encryption. Here is a good example of best-practice password storage and validation:

To save it:

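```php
$userPasswordInput = $_POST['password'];

// ideally, generate one randomly and save it to the db; otherwise, use a constant saved to the php file
$salt = bin2hex(random_bytes(16)); // random_bytes() requires PHP 7+

// hash the user input with the salt appended
$password = sha1($userPasswordInput . $salt);
```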

Save $password (and preferably $salt) to the db. When comparing, concatenate the salt and the user input, sha1 it (or whichever encryption), then compare it to the saved (encrypted + salted) password.

Community
etteling
  • I suppose this would work for encryption, but I can't decrypt it and get the password back using the $salt?? – Daniel Sep 21 '10 at 09:33
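The save-and-compare flow from the answer above, completed as an added example (not the answerer's code): the salted SHA-1 scheme as described, next to PHP's built-in `password_hash()`/`password_verify()`, which generate and store the salt themselves and use a deliberately slow algorithm. Function names and sample passwords are made up for the example; it assumes PHP 7 or later for `random_bytes()`.

```php
<?php
// Added example; function names and sample passwords are hypothetical.

// The answer's scheme: per-user random salt, sha1(input . salt), both saved.
function legacy_store(string $password): array
{
    $salt = bin2hex(random_bytes(16));
    return ['salt' => $salt, 'hash' => sha1($password . $salt)];
}

function legacy_verify(string $input, array $row): bool
{
    // Recompute with the saved salt; hash_equals() compares in constant time.
    return hash_equals($row['hash'], sha1($input . $row['salt']));
}

// Built-in equivalent: the returned string carries algorithm, cost and salt,
// so a single column is enough and no separate salt handling is needed.
function store(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// Login check that accepts both formats and upgrades legacy rows on success.
function login(string $input, array &$row): bool
{
    if (isset($row['salt'])) {                       // legacy salted SHA-1 row
        if (!legacy_verify($input, $row)) {
            return false;
        }
        $row = ['hash' => store($input)];            // re-store in new format
        return true;
    }
    return password_verify($input, $row['hash']);
}

// Constructed sample data.
$alice = legacy_store('correct horse');
$bob   = legacy_store('correct horse');

var_dump($alice['hash'] === $bob['hash']);   // same password, different salts
var_dump(login('wrong guess', $alice));      // rejected, row left unchanged
var_dump(login('correct horse', $alice));    // accepted, row upgraded
var_dump(isset($alice['salt']));             // salt column no longer needed
var_dump(login('correct horse', $alice));    // verified via password_verify()
```

Neither stored format can be turned back into the original password; verification always works by hashing the submitted input again and comparing.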
0

I did it this way:

create a $user + $password

```php
$saltedHash = md5($salt.$password);
```

Now you have an encrypted password ($saltedHash) to save to the DB.

If somebody tries to log in, you do the same with the inputted password and compare it with the one in the DB.

Maik
0

The easiest way (though very wasteful in terms of storage) is to generate a random string and XOR it to the password. (As someone already pointed out, this is called a key, not a salt.) This is called a one-time pad. As the name implies, you cannot reuse the same key for multiple passwords.

Tgr