On 12 August 2010 02:07, Josh Kehn josh.k...@gmail.com wrote:
On Aug 11, 2010, at 6:50 PM, tedd wrote:
Hi gang:
Okay, a question to the Encryption/Decryption gurus out there.
If you were given:
1. This encrypted string:
p3IVhDBT26i+p4vd7J4fAw==
2. Were told it was a social security
On Wed, Aug 11, 2010 at 6:50 PM, tedd t...@sperling.com wrote:
Hi gang:
Okay, a question to the Encryption/Decryption gurus out there.
If you were given:
1. This encrypted string:
p3IVhDBT26i+p4vd7J4fAw==
2. Were told it was a social security number (i.e., in the form of
123-45-6789).
On 12 August 2010 09:48, Adam Richardson simples...@gmail.com wrote:
On Wed, Aug 11, 2010 at 6:50 PM, tedd t...@sperling.com wrote:
*snip*
1. MD5 - Use of this old algorithm to produce your keys limits your key
space due to collisions AND the fact that 3DES accepts keys longer than the
At 8:09 PM -0400 8/11/10, Bastien Koert wrote:
From my experience, I'd have to say that it would be a real tough go
to crack that. If there was a weak point in the scheme is that your
end result pattern ( the ssn ) is defined with a pair of constants,
the hyphens. In our scheme we remove the
At 3:48 AM -0400 8/12/10, Adam Richardson wrote:
-- snip excellent points --
Of note, SS#'s are a special piece of data, not only because of their power,
but because of their lifetime (normally as long as the individual lives.)
This is very different from a credit card which gets updated every
From: tedd
At 8:09 PM -0400 8/11/10, Bastien Koert wrote:
From my experience, I'd have to say that it would be a real tough go
to crack that. If there was a weak point in the scheme is that your
end result pattern ( the ssn ) is defined with a pair of constants,
the hyphens. In our scheme we
On Thu, Aug 12, 2010 at 10:00 AM, tedd t...@sperling.com wrote:
At 8:09 PM -0400 8/11/10, Bastien Koert wrote:
From my experience, I'd have to say that it would be a real tough go
to crack that. If there was a weak point in the scheme is that your
end result pattern ( the ssn ) is defined
Hi gang:
Okay, a question to the Encryption/Decryption gurus out there.
If you were given:
1. This encrypted string:
p3IVhDBT26i+p4vd7J4fAw==
2. Were told it was a social security number (i.e., in the form of
123-45-6789).
3. And it had been generated from this code:
$cipher =
On Aug 11, 2010, at 6:50 PM, tedd wrote:
Hi gang:
Okay, a question to the Encryption/Decryption gurus out there.
If you were given:
1. This encrypted string:
p3IVhDBT26i+p4vd7J4fAw==
2. Were told it was a social security number (i.e., in the form of
123-45-6789).
3. And it
From my experience, I'd have to say that it would be a real tough go
to crack that. If there was a weak point in the scheme is that your
end result pattern ( the ssn ) is defined with a pair of constants,
the hyphens. In our scheme we remove the dashes and just provide a
mask for display. We also
Edward Diener wrote:
Phpster wrote:
In reading the license I believe it refers to the gnupg itself, not
the application it may be embedded in. You are completely free to use
gnupg as you choose including modifying it to meet your needs.
I always thought the GNU public license demanded that
if you want client to send encrypted form to server. then it must be
done using some kind of
client side script (javascript?). i don't think it is reliable.
why not just use https protocol. all data between client and server
will be encrypted.
On 1/1/09, Per Jessen p...@computer.org wrote:
Per Jessen wrote:
Edward Diener wrote:
Phpster wrote:
In reading the license I believe it refers to the gnupg itself, not
the application it may be embedded in. You are completely free to use
gnupg as you choose including modifying it to meet your needs.
I always thought the GNU public
paragasu wrote:
if you want client to send encrypted form to server. then it must be
done using some kind of
client side script (javascript?).
I am using C++.
i don't think it is reliable.
Why would it not be reliable if I were using a public-key/private-key
encryption library which works
Edward Diener wrote:
why not just use https protocol. all data between client and server
will be encrypted.
The data must be encrypted/decrypted going both ways between the
client and the server. Does using https automatically do that ? If it
does that would be great.
Yes, that is
In reading the license I believe it refers to the gnupg itself, not
the application it may be embedded in. You are completely free to use
gnupg as you choose including modifying it to meet your needs.
Bastien
Sent from my iPod
On Dec 30, 2008, at 10:50 PM, Edward Diener
As I understand it:
You can LINK your commercial binary with GPL binaries, and keep closed source.
You cannot co-mingle the two C source codes together and keep it closed.
I am fairly certain you can find commercial C++ offerings to generate PGP key
pairs, instead of using the GnuPG OSS
Phpster wrote:
In reading the license I believe it refers to the gnupg itself, not the
application it may be embedded in. You are completely free to use gnupg
as you choose including modifying it to meet your needs.
I always thought the GNU public license demanded that any non-free
modules,
My client application needs to send data to a PHP page in encrypted form
and have the PHP code able to decrypt it. Likewise the PHP code needs to
return data to my application encrypted and my client application needs
to be able to decrypt it.
My application is written in C++ and naturally the
2008. 01. 17, csütörtök keltezéssel 12.14-kor Ken Kixmoeller -- reply to
[EMAIL PROTECTED] ezt írta:
(forgot to copy the list)
On Jan 16, 2008, at 5:08 PM, Richard Lynch wrote:
Is it possible that 4% of the time, you have spaces on the start/end
of the string, which get trimmed before
(forgot to copy the list)
On Jan 16, 2008, at 5:08 PM, Richard Lynch wrote:
Is it possible that 4% of the time, you have spaces on the start/end
of the string, which get trimmed before encryption?
In this case, no. In trying to simplify the situation to narrow the
possibilities of error,
On Jan 15, 2008, at 10:48 PM, Casey wrote:
It returns the correct value. If you look at the last example, and run
base64_decode on MDAwMzEwMDI0NDA0MTMyOQ==, you will get
0003100244041329.
Oops. Haste makes crappy programming.
Ken
--
PHP General Mailing List (http://www.php.net/)
To
On Jan 16, 2008, at 1:28 AM, Andrés Robinet wrote:
1 - Mike is right about first encrypting and then doing a
base64_encode (then saving results to DB, cookies, etc). I don't
know why replacing to + for decrypting, though.
His other post explains that php didn't seem to like spaces.
. I am not entirely sure if the str_replace for the spaces is
-required- for a PHP to PHP encryption/decryption, but it doesn't seem
to hurt, and I don't believe this should fail for any reason in your
tests...
The one caveat is I think it is suggested to use the mcrypt_generic()
functions now
Many thanks, Mike --- yours works great... 0 errors.
On Jan 16, 2008, at 9:24 AM, mike wrote:
function data_encrypt($data) {
if(!$data) { return false; }
return base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256,
$GLOBALS['config']['salt'], $data, 'cbc', md5($GLOBALS['config']['
On Tue, January 15, 2008 10:48 pm, Casey wrote:
On Jan 15, 2008 8:40 PM, Ken Kixmoeller -- reply to [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
On Jan 15, 2008, at 11:08 PM, Andrés Robinet wrote:
I second that, you should base64 encode values before encrypting
and base64
decode them
Is it possible that 4% of the time, you have spaces on the start/end
of the string, which get trimmed before encryption?
And if rijndael is one of the algorithms which requires a fixed-size
input, that also would be bad to trim it. If you need multiple of
16 bytes input, leave the input alone.
Hey --- - -
I am in the process of upgrading the encryption technology I am using
from (64 bit) blowfish to (256 bit) rijndael.
The code (and some explanations) is below, but the results are, um,
unusual, and I can't see what I am doing wrong. For testing, I have a
program that generates
On Jan 15, 2008, at 4:54 PM, Ken Kixmoeller -- reply to [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
Hey --- - -
I am in the process of upgrading the encryption technology I am
using from (64 bit) blowfish to (256 bit) rijndael.
The code (and some explanations) is below, but the results
On Jan 15, 2008, at 7:06 PM, Casey wrote:
Maybe you could echo the results of the failed ones and compare.
I did that at first, thinking that something about these strings
might cause the problem. But then I realized: I can't blame the
data. I don't have any control over what users use
-0600 To:
php-general@lists.php.net Subject: Re: [PHP] Encryption failing On Jan
15, 2008, at 7:06 PM, Casey wrote: Maybe you could echo the results of
the failed ones and compare. I did that at first, thinking that something
about these strings might cause the problem. But then I
result from the
encryption, usually a combination of characters that approximate a null or
end of line
bastien From: [EMAIL PROTECTED] Date: Tue, 15 Jan 2008 21:41:45 -0600 To:
php-general@lists.php.net Subject: Re: [PHP] Encryption failing On Jan
15, 2008, at 7:06 PM, Casey wrote
-Original Message-
From: Bastien Koert [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 16, 2008 12:55 AM
To: Ken Kixmoeller -- reply to [EMAIL PROTECTED]; php-
[EMAIL PROTECTED]
Subject: RE: [PHP] Encryption failing
are you base64 encoding the resultant encryption string? I
On Jan 15, 2008, at 11:08 PM, Andrés Robinet wrote:
-Original Message-
From: Bastien Koert [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 16, 2008 12:55 AM
To: Ken Kixmoeller -- reply to [EMAIL PROTECTED]; php-
[EMAIL PROTECTED]
Subject: RE: [PHP] Encryption failing
are you
On Jan 15, 2008, at 11:08 PM, Andrés Robinet wrote:
I second that, you should base64 encode values before encrypting
and base64
decode them after decrypting to be safe.
Thanks for the idea.
Like this? Fails 500/500 times on my test.
if ($EorD == D)
On Jan 15, 2008, at 11:08 PM, Andrés Robinet wrote:
I second that, you should base64 encode values before encrypting
and base64
decode them after decrypting to be safe.
Thanks for the idea.
Like this? Fails 500/500 times on my test.
if ($EorD == D) {
On Jan 15, 2008 8:40 PM, Ken Kixmoeller -- reply to [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
On Jan 15, 2008, at 11:08 PM, Andrés Robinet wrote:
I second that, you should base64 encode values before encrypting
and base64
decode them after decrypting to be safe.
Thanks for the idea.
if ($EorD == D) {
$text_out = mdecrypt_generic($cypher,$text);
$text = base64_decode($text);
shouldn't this be base64_decode($text_out) ? :)
} else {
$text= base64_encode($text);
$text_out = mcrypt_generic($cypher,$text);
-Original Message-
From: mike [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 16, 2008 1:49 AM
To: Ken Kixmoeller -- reply to [EMAIL PROTECTED]
Cc: php-general@lists.php.net
Subject: Re: [PHP] Encryption failing
if ($EorD == D
On 1/15/08, Andrés Robinet [EMAIL PROTECTED] wrote:
1 - Mike is right about first encrypting and then doing a base64_encode (then
saving results to DB, cookies, etc). I don't know why replacing to +
for decrypting, though.
we have an application which sets an encrypted cookie in .NET, and
On Sat, May 20, 2006 10:35 am, Lawrence Kennon wrote:
--- Rory Browne [EMAIL PROTECTED] wrote:
but does support Cardservice
International.
These guys give you a PHP library that you http://php.net/include
which then provides functions you can call which you pass in the CC#
and they give you
--- Rory Browne [EMAIL PROTECTED] wrote:
It's better if, when it comes to time
to checkout, you redirect your client
to your Payment Service Providers (PSP's)
website, your PSP processes the payment,
and redirects the client back to your
site. The PSP would then contact you
directly
snip
So let's say that I want to integrate a shopping cart
with a PSP, right up to the moment they get to the
checkout, they see my client's URL. They hit the
Checkout button and then they will see the URL of
the PSP? Then once they place the order then they are
redirected back to my client's
For an ecommerce site where sensitive data is stored
either in files, or in a database, have you used some
form of encryption to protect your customer's data?
I have a client who currently uses a Perl scripted
shopping cart that stores orders (including credit
card numbers) in plain text files
On 5/19/06, Lawrence Kennon [EMAIL PROTECTED] wrote:
For an ecommerce site where sensitive data is stored
either in files, or in a database, have you used some
form of encryption to protect your customer's data?
I have a client who currently uses a Perl scripted
shopping cart that stores
For an ecommerce site where sensitive data is stored
either in files, or in a database, have you used some
form of encryption to protect your customer's data?
I have a client who currently uses a Perl scripted
shopping cart that stores orders (including credit
card numbers) in plain
Re: Encryption Advice
First off, thanks to the folks who replied with
advice. I am mulling over your advice (and I greatly
appreciate it!). I have been doing PHP programming for
a couple years, including secure sites, but this is my
first ecommerce venture, so I am trying to learn as
much as I
Lawrence Kennon wrote:
I use a directive to tell gpg to not warn me about
using insecure memory but since no private keys
reside on this host I think I can safely ignore that
(they can't steal what is not there).
But your unencrypted data is there, so someone could possibly snoop
that from
--- Koen Martens [EMAIL PROTECTED] wrote:
But your unencrypted data is there, so someone could
possibly snoop
that from the insecure memory.
This is true.
I am going to ask the hosting company to setuid gpg as
root. That should solve one problem (from gpg docs):
This is necessary to lock
--- Koen Martens [EMAIL PROTECTED] wrote:
But your unencrypted data is there, so someone could
possibly snoop
that from the insecure memory.
This is true.
I am going to ask the hosting company to setuid gpg as
root. That should solve one problem (from gpg docs):
This is
On Fri, May 19, 2006 8:54 am, Lawrence Kennon wrote:
For an ecommerce site where sensitive data is stored
either in files, or in a database, have you used some
form of encryption to protect your customer's data?
I have a client who currently uses a Perl scripted
shopping cart that stores
On Fri, May 19, 2006 1:36 pm, Lawrence Kennon wrote:
In regards to GNU Privacy Guard (gpg), I did actually
manage to get that to work in the hosting environment
(without the help of the hosting support folks! :). I
use a directive to tell gpg to not warn me about
using insecure memory but
On Fri, May 19, 2006 3:00 pm, Lawrence Kennon wrote:
But just out of curiousity, let's assume you are
running a shopping cart which takes credit cards and
passes them on to whomever approves them and you don't
_ever_ write this info to files. Aren't you also
vulnerable to someone being able
snip lots of good stuff
Are there any employees who have access to this PC? What sort of
background checks have you run on every employee?
Do you REALLY want to run the risk of having to DESTROY your
reputation with all your customers?
/snip
Not only all that, but suppose one of your
DO NOT STORE CREDIT CARD NUMBERS!!!
Period!!!
If your PHP script can access them, then they are too accessible to
the Bad Guys.
Ditto
Even if nothing else, someone could modify your code to email them the CC
Numbers.
It's better if, when it comes to time to checkout, you redirect your
Hey all.
I am trying to get encryption working for my site.
I have found some code and set up a test bed for it, but it fails to return
the same value after the 26th item. I was hoping someone could take a look
and maybe tell me why? There is very little help out there for encryption.
If you
]
To: [EMAIL PROTECTED]
Date: 07/13/2004 3:17:54 PM
Subject: [PHP] encryption needed?
Hi all,
I am to set up a service where users can view news of companies.
To identify the company selected an easy way is to use the company-id.
The id is not displayed but stored in the client browser as JS-variable
Hi all,
I am to set up a service where users can view news of companies.
To identify the company selected an easy way is to use the company-id.
The id is not displayed but stored in the client browser as JS-variable.
Question:
Is it ok to use the company-id or do I have to encrypt the id
using
I wouldn't encrypt the ID, but I can't help wonder why you don't want people
knowing the company's ID. They can get access to it if you're storing it
client-side.
This is like using a single script to view documents where you provide the
ID of the document to display.
I have a need for an encryption program that can encrypt/decrypt data. I
previously had a programmer build me a C program that compiled and runs on
the command line, which I would then call via PHP.
We are experiencing with this however, a 5-7% fail rate on the decryption -
not acceptable for
Good morning gurus!
I am encrypting some data on one server and now I am attempting to decrypt on another
server using mcrypt_encrypt and mycrypt_decrypt (using same key and initialzation
vector). It is almost working but I seem to still have a little problem, that data is
missing the last
[snip]
I am encrypting some data on one server and now I am attempting to decrypt on another
server using mcrypt_encrypt and mycrypt_decrypt (using same key and initialzation
vector). It is almost working but I seem to still have a little problem, that data is
missing the last character which
I wouldn't use crypt, instead use one of the proven more secure hashes
like md5 or sha1.
For password hashing I'd use md5 (PHP 3 and 4) if you want broad
support or sha1 for a little more security (sha1 hasn't been in PHP as
long (only since 4.3.0) so you will lose some compatability,
Ryan
I know this is an opinion thing but what's the best functions or function set
for password encryption?
Currently my project uses md5 but I thinks it's more for checksums isn't it?
Also, is mcrypt used for passwords? I looks like it's a two-way encryption.
--
Ryan Thompson
[EMAIL PROTECTED]
Sorry. Just stumbled on crypt()
On Friday 10 October 2003 22:31, Ryan Thompson wrote:
I know this is an opinion thing but what's the best functions or function
set for password encryption?
Currently my project uses md5 but I thinks it's more for checksums isn't
it? Also, is mcrypt used for
On Fri, 2003-10-10 at 20:31, Ryan Thompson wrote:
I know this is an opinion thing but what's the best functions or function set
for password encryption?
Currently my project uses md5 but I thinks it's more for checksums isn't it?
Also, is mcrypt used for passwords? I looks like it's a
I think it all falls under the cryptography category, but you're right -
it doesn't fall into the encryption/decryption scheme since it is only
one-way.
-M
-Original Message-
From: Brad Pauly [mailto:[EMAIL PROTECTED]
Sent: Friday, October 10, 2003 10:43 PM
To: php-gen
Subject: Re: [PHP
I want to use the mcrypt functions to encrypt credit card numbers for
storage in a mysql database, which mycrypt does admirably:
$key = this is a secret key;
$input = Let us meet at 9 o'clock at the secret place.;
$iv = mcrypt_create_iv (mcrypt_get_iv_size (MCRYPT_RIJNDAEL_256,
MCRYPT_MODE_CBC),
Not a good idea, you might look at some form of public key encryption
where you encrypt the credit card information with the public key and
the merchant decrypts it with their private key that is not on the
server.
You generally do not want to store the information encrypted with mcrypt
because
Could you use the Zend Encoder to encrypt the PHP script?
http://www.zend.com/store/products/zend-safeguard-suite.php
--
Lowell Allen
From: Mike Morton [EMAIL PROTECTED]
Date: Thu, 30 Jan 2003 09:30:36 -0500
To: [EMAIL PROTECTED]
Subject: [PHP] Encryption using MMCrypt - whats the point
http://www.ioncube.com/
Encrypt PHP scripts (there pretty cheap to).
On Thu, 2003-01-30 at 09:30, Mike Morton wrote:
I want to use the mcrypt functions to encrypt credit card numbers for
storage in a mysql database, which mycrypt does admirably:
$key
Adam/Lowell:
Thanks for the suggestions but like all clients they want maximum
function for minimum $$ - encoders are therefore not a possibility (but I
will keep that in mind for future apps :))
Thanks.
On 1/30/03 9:55 AM, Adam Voigt [EMAIL PROTECTED] wrote:
http://www.ioncube.com/
Title: Re: [PHP] Encryption using MMCrypt - whats the point?
Granted, the $350 stand-alone encoder is a bit expensive. I'm talking about the online
encoder though, you pass your PHP script through the online-control center and it
output's the encrypted version, a typical PHP program is $5.00
Using a PHP encoder or compiling a binary does not make it more secure
than storing the IV and encryption key in plain text in a PHP script.
The problem is the fact that the encryption cipher requires the same key
for encryption and decryption, this is not a problem in many encryption
cases but
Hi!
I read the PHP manual about the encryption, mcrypt_module_open(). I
have been trying to figure out an example of the parameters inside the
functions. I tried some of these options but I still get the error message
saying Warning: mcrypt module initialization failed in . Here's
Hello,
I was wondering if anyone has some examples of encrypting credit card
numbers in a database?
Basically, someone goes to a secure site, enters their information, and
then it is stored locally in a mysql database until it can be entered
(this is all we have for now until we setup a
I want to compare a password to a encrypted password stored in my mySQL
database using password('password'), what's the best way to compare the two?
Encrypted the password sent by the user and compare or pull the password
from the database based on username, decrypt it and then compare?
--
I want to compare a password to a encrypted password stored in my
mySQL
database using password('password'), what's the best way to compare
the
two?
Encrypted the password sent by the user and compare or pull the
password
from the database based on username, decrypt it and then compare?
Just how are you going to decrypt it? Password encryption is ordinarily
one-way - you have no choice. You have to compare encrypted passwords.
-Original Message-
From: Tom Ray [mailto:[EMAIL PROTECTED]]
SI want to compare a password to a encrypted password stored in my mySQL
database
: Justin French [EMAIL PROTECTED]
To: Bob Irwin [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Thursday, September 05, 2002 4:00 PM
Subject: Re: [PHP] Encryption of emails.
Perhaps not EXACTLY what you're after, but I wrote a small, simple
function
to encrypt a string with a key (i'll skip a long note
Hey guys,
Can anyone recommend any PHP functions or plugins that will allow me to send
encrypted emails via PHP? Something similar to PGP would be excellent. I
have use PGP with a formmail cgi previously, but obviously it'd be easier to
have in-PHP support for it.
Any suggestions are much
Perhaps not EXACTLY what you're after, but I wrote a small, simple function
to encrypt a string with a key (i'll skip a long note about keeping the key
safe).
Then I send an email with the data encrypted, and decrypt it at the other
end (me) using a decrypt script located on my local server.
It
My company is going to be
1. Hosting our code on other people servers
2. selling our programs.
We are going to be needing to encrypt the codewhat would you all
suggest?
How about Zend Encoder...is it any good? (even though its so much $$)
Disclosure: I'm a former employee and come with
I need to do some encryption/decryption of data in PHP. I don't
need anything heavy duty. Just some scheme that obscures strings
in a non-trivial manner.
I am on a shared hosting site which doesn't have the mcrypt suite
installed with PHP ( they won't install it).
Does anyone know of any
Without using SSL or JavaScript, is there any way to make an md5 hash or
encrypt a string before sending it out as a POST request?
It seems that without encrypting the data before sending it, it can
still be intercepted. Once intercepted, it doesn't matter if I use
md5() on the
-Original Message-
From: Erik Price [mailto:[EMAIL PROTECTED]]
Sent: Saturday, February 23, 2002 12:20 PM
To: PHP
Subject: [PHP] encryption and HTTP
Without using SSL or JavaScript, is there any way to make an
md5 hash or
encrypt a string before sending it out as a POST request
I am totally new to encryption.
My question is very simple.
If I use the mcrypt module to encrypt and decrypt some
data, would it guarantee to work consistently with
future versions of the mcryp module (or PHP versions).
(i.e. Would decription always give me the same
result?)
Thanks.
=
Hi,
Can someone give me a brief over view of how to encrypt a password and
store it in a MySQL DB, then be able to validate thier plain text
password on login against the encrypted one on the DB?
I'm guessing I:
1. encrypt the desired password with some sort of key (eg blahblah)
which is
Richy
-Original Message-
From: Justin French [SMTP:[EMAIL PROTECTED]]
Sent: 06 December 2001 12:33
To: php
Subject:[PHP] encryption
Hi,
Can someone give me a brief over view of how to encrypt a password and
store it in a MySQL DB, then be able to validate thier plain text
UPDATE members set passwd=PASSWORD(passwd);
select login from members where PASSWORD($form_pass)=passwd;
Regards,
Adnrey Hristov
- Original Message -
From: Justin French [EMAIL PROTECTED]
To: php [EMAIL PROTECTED]
Sent: Thursday, December 06, 2001 2:32 PM
Subject: [PHP] encryption
* Justin French [EMAIL PROTECTED] [Dec 06. 2001 07:33]:
Can someone give me a brief over view of how to encrypt a password and
store it in a MySQL DB, then be able to validate thier plain text
password on login against the encrypted one on the DB?
An alternative is to just store an Md5 of
Clark [EMAIL PROTECTED]
To: PHP is not a drug. [EMAIL PROTECTED]
Sent: Thursday, December 06, 2001 2:48 PM
Subject: Re: [PHP] encryption
* Justin French [EMAIL PROTECTED] [Dec 06. 2001 07:33]:
Can someone give me a brief over view of how to encrypt a password and
store it in a MySQL DB
- Original Message -
From: Valter Santos [EMAIL PROTECTED]
To: Brian Clark [EMAIL PROTECTED]; PHP is not a drug.
[EMAIL PROTECTED]
Sent: Thursday, December 06, 2001 9:34 AM
Subject: Re: [PHP] encryption
I agree... MD5 is the best way to store passwords...
you only store the md5 hash
: Francis Fillion [EMAIL PROTECTED]
To: Tom Malone [EMAIL PROTECTED]
Cc: PHP Users [EMAIL PROTECTED]
Sent: Thursday, July 19, 2001 5:14 PM
Subject: Re: [PHP] encryption
One of my friends has a rsa key somethings, what it does is that at
every few minutes it generate a random number so for login on his
.
Thoughts?
Sheridan
- Original Message -
From: Francis Fillion [EMAIL PROTECTED]
To: Tom Malone [EMAIL PROTECTED]
Cc: PHP Users [EMAIL PROTECTED]
Sent: Thursday, July 19, 2001 5:14 PM
Subject: Re: [PHP] encryption
One of my friends has a rsa key somethings, what
Hello,
I have been trying to get some stuff encrypted, sent by mail to another
machine and then decrypted on the other end by a perl script. I am using
base64 encoding to convert the encrypted data into ascii for transmission
over email. However, the perl script at the other end which does the
in
the manual right before I was about to use the crypt() function to encrypt
my password and compare it to the encrypted hash in the DB:
It seems that a lot of people don't understand the point of using one-way
encryption. More importantly, a lot of web designers forget that PHP
password and compare it to the encrypted hash in the DB:
It seems that a lot of people don't understand the point of using one-way
encryption. More importantly, a lot of web designers forget that PHP
encryption is done entirely on the web server, not the client
.
That way the only thing that ever gets transmitted is an md5 hash =P
Sheridan
- Original Message -
From: Jeff Bearer [EMAIL PROTECTED]
To: Tom Malone [EMAIL PROTECTED]
Cc: PHP Users [EMAIL PROTECTED]
Sent: Thursday, July 19, 2001 12:17 PM
Subject: Re: [PHP] encryption
I'd use
Malone [EMAIL PROTECTED]
Cc: PHP Users [EMAIL PROTECTED]
Sent: Thursday, July 19, 2001 12:17 PM
Subject: Re: [PHP] encryption
I'd use the password function in mysql to store encrypted passwords, I'd
be interested to hear
if anyone has a reason that doing this is not a good idea
1 - 100 of 112 matches
Mail list logo
