RE: [PHP] Encryption Question SOLVED
[snip] I am encrypting some data on one server and now I am attempting to decrypt on another server using mcrypt_encrypt and mycrypt_decrypt (using same key and initialzation vector). It is almost working but I seem to still have a little problem, that data is missing the last character which still seems to be encrypted. I am putting the data in the database with addslashes, and retrieving with stripslashes, but I get things like this; 45221141¤Þ,]¹9Ñ 7775ÿåZ|z while($arrEncInfo = mysql_fetch_array($dbGetSub)){ $stripDataA = stripslashes($arrEncInfo['dataA']); $stripIV = stripslashes($arrEncInfo['iv']); $dataA = mcrypt_decrypt($encAlg, $encKey, $stripDataA, $encMode, $stripIV); echo $dataA . "\n"; } Has anyone seen this? Could there be a difference between the PHP installs? Both are version 4.3.7. [/snip] I found the problem on the field in question. I had left the column in the database the same length as it was prior to encrypting the data. This, as it turns out, is a BAD THING [tm]. Make sure that database columns are large enough to hold the whole of the encrypted data. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Encryption question
I wouldn't use crypt, instead use one of the proven more secure hashes like md5 or sha1. For password hashing I'd use md5 (PHP 3 and 4) if you want broad support or sha1 for a little more security (sha1 hasn't been in PHP as long (only since 4.3.0) so you will lose some compatability, Ryan Thompson wrote: I know this is an opinion thing but what's the best functions or function set for password encryption? Currently my project uses md5 but I thinks it's more for checksums isn't it? Also, is mcrypt used for passwords? I looks like it's a two-way encryption. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Encryption question
I think it all falls under the "cryptography" category, but you're right - it doesn't fall into the encryption/decryption scheme since it is only one-way. -M -Original Message- From: Brad Pauly [mailto:[EMAIL PROTECTED] Sent: Friday, October 10, 2003 10:43 PM To: php-gen Subject: Re: [PHP] Encryption question md5 is a one-way hash function. It is great for passwords. (I'm not sure if that technically qualifies as encryption because it is nearly impossible to decrypt..hmm) Anyway, I would recommend using it. - Brad -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Encryption question
On Fri, 2003-10-10 at 20:31, Ryan Thompson wrote: > I know this is an opinion thing but what's the best functions or function set > for password encryption? > > Currently my project uses md5 but I thinks it's more for checksums isn't it? > Also, is mcrypt used for passwords? I looks like it's a two-way encryption. md5 is a one-way hash function. It is great for passwords. (I'm not sure if that technically qualifies as encryption because it is nearly impossible to decrypt..hmm) Anyway, I would recommend using it. - Brad -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Encryption question
Sorry. Just stumbled on crypt() On Friday 10 October 2003 22:31, Ryan Thompson wrote: > I know this is an opinion thing but what's the best functions or function > set for password encryption? > > Currently my project uses md5 but I thinks it's more for checksums isn't > it? Also, is mcrypt used for passwords? I looks like it's a two-way > encryption. -- Ryan Thompson [EMAIL PROTECTED] http://osgw.sourceforge.net == "A computer scientist is someone who fixes things that aren't broken" --Unknown -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Encryption Question
Just how are you going to decrypt it? Password encryption is ordinarily one-way - you have no choice. You have to compare encrypted passwords. -Original Message- From: Tom Ray [mailto:[EMAIL PROTECTED]] SI want to compare a password to a encrypted password stored in my mySQL database using password('password'), what's the best way to compare the two? Encrypted the password sent by the user and compare or pull the password from the database based on username, decrypt it and then compare? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Encryption Question
> I want to compare a password to a encrypted password stored in my mySQL > database using password('password'), what's the best way to compare the > two? > > Encrypted the password sent by the user and compare or pull the password > from the database based on username, decrypt it and then compare? SELECT 1 FROM table WHERE password_column = PASSWORD('$password') AND username = '$username' If a row is returned, the username and password match what's in the database. $password and $username would come from your form or whatever... ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php