Great way to encrypt and decrypt password, files in PHP?

I conducted a series of studies on this topic, but, unfortunately, I could not find the perfect way to encrypt and decrypt files in PHP. What I'm trying to do is find a way to encrypt and decrypt my items without worrying that a cracker knows my algorithm. An algorithm that needs to be kept secret and hidden cannot solve my problem: as soon as the logic is leaked anywhere, or they break into my server and get the source file, they can decrypt the data using the same decryption algorithm. I found some great posts on the Stack Overflow website, but they still couldn't answer my question.

The best way to encrypt a password in the world, from what I finished reading: Blowfish encryption. It is a one-way hash algorithm with 1000-fold iteration, which means a cracker needs 7 years to decrypt it using the same-spec graphics processor.

Obviously, this makes decryption impossible in one-way hashing.

The best way to encrypt and decrypt a password in PHP is, like this question, as it is. According to what I found on the Internet, sha1 and md5 are both cracked and broken algorithms, even if we change the algorithm from

$encrypted = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($key), $string, MCRYPT_MODE_CBC, md5(md5($key))));

to

$encrypted = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, sha1(md5($key)), $string, MCRYPT_MODE_CBC, sha1(md5(md5($key)))));

Doesn't this just make it harder to decrypt, while it can still be cracked and is only a matter of time?

/harddisc GUID .

- , , PHP, GUID . , , . harddisc, . harddisc , , .

, blowfish PHP. , ?

- , ? .

+5
6

PHP, PHP, , .

, / .

function encryption_class() {
    $this->errors = array();

    // Each of these two strings must contain the same characters, but in a different order.
    // Use only printable characters from the ASCII table.
    // Do not use single quote, double quote or backslash as these have special meanings in PHP.
    // Each character can only appear once in each string.
    $this->scramble1 = '! #$%&()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_`abcdefghijklmnopqrstuvwxyz{|}~';
    $this->scramble2 = 'f^jAE]okIOzU[2&q1{3`h5w_794p@6s8?BgP>dFV=m D<TcS%Ze|r:lGK/uCy.Jx)HiQ!#$~(;Lt-R}Ma,NvW+Ynb*0X';

    if (strlen($this->scramble1) <> strlen($this->scramble2)) {
        trigger_error('** SCRAMBLE1 is not same length as SCRAMBLE2 **', E_USER_ERROR);
    } // if

    $this->adj = 1.75;  // this value is added to the rolling fudgefactors
    $this->mod = 3;     // if divisible by this the adjustment is made negative
}

PHP >= 5.3.3, encryption_class __construct

:

As of PHP 5.3.3, methods with the same name as the last element of a namespaced class name will no longer be treated as constructor.

:

$crypt = new encryption_class();

$crypt->setAdjustment(1.75); // 1st adjustment value (optional)
$crypt->setModulus(3); // 2nd adjustment value (optional)

/**
 * 
 * @param string $key - Your encryption key
 * @param string $sourceText - The source text to be encrypted
 * @param integer $encLen - positive integer indicating the minimum length of encrypted text
 * @return string - encrypted text
 */
$encrypt_result = $crypt->encrypt($key, $sourceText, $encLen);

/**
 * 
 * @param string $key - Your encryption key (same used for encryption)
 * @param string $encrypt_result - The text to be decrypted
 * @return string - decrypted text
 */
$decrypt_result = $crypt->decrypt($key, $encrypt_result);

Update:

, !!!

, !!! .

//class for encrypt/decrypt routines 
require 'class.encryption.php';

//configuring your security levels
$key = 'This is my secret key; with symbols (@$^*&<?>/!#_+), cool eh?!!! :)';
$adjustment = 1.75;
$modulus = 2;

//customizing
$sourceFileName = 'source-image.png';
$destFileName = 'dest-image.png';
$minSpecifiedLength = 512;

//base64 encoding file contents, to get all characters in our range
//binary too!!!
$sourceText = base64_encode(file_get_contents($sourceFileName));

$crypt = new encryption_class();
$crypt->setAdjustment($adjustment); //optional
$crypt->setModulus($modulus); //optional

//encrypted text
$encrypt_result = $crypt->encrypt($key, $sourceText, $minSpecifiedLength);

//receive initial file contents after decryption
$decrypt_result = base64_decode($crypt->decrypt($key, $encrypt_result));

//save as new file!!!
file_put_contents($destFileName, $decrypt_result);
+5

, . , , , ( ).

, XOR, . , , . .

, , , FTP/SSH/ , . , .

+4

. , (, ) ( ).

One-Way-Hash

(), -. , , . -, , .

, - - bcrypt. blowfish, - ( ). Bcrypt -, ( ). , phpass, , , , .

(), , ( ). , . , , .

, , http, . , , . , .

. , , .

+4

PHP, , PHP OpenSSL. mcrypt - , , :

$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$key = "This is a very secret key";
$text = "Meet me at 11 o'clock behind the monument.";
echo strlen($text) . "\n";

$crypttext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_ECB, $iv);
echo strlen($crypttext) . "\n";

, MCRYPT_RAND . , 5 , .

[.] . . , ( ). , ...

# note: ext/mcrypt was deprecated in PHP 7.1 and removed from core in PHP 7.2
# the key should be random binary, use scrypt, bcrypt or PBKDF2 to convert a string into a key
# key is specified using hexadecimals
$key = pack('H*', "bcb04b7e103a0cd8b54763051cef08bc55abe029fdebae5e1d417e2ffb2a00a3");
# key size: use either 16, 24 or 32 byte keys for AES-128, 192 and 256 respectively
$key_size = strlen($key);
echo "Key size (in bits): " . $key_size * 8 . "\n";
$plaintext = "This string was AES-256 / CBC / ZeroBytePadding encrypted.";
echo "Plain text: " . $plaintext . "\n";
$ciphertext_base64 = encryptText($key, $plaintext);
echo $ciphertext_base64 . "\n";


function encryptText(string $key, string $plaintext) {

    # --- ENCRYPTION ---

    # $key is the raw binary key (already unpacked from hex by the caller);
    # use either 16, 24 or 32 byte keys for AES-128, 192 and 256 respectively
    $key_size = strlen($key);

    # create a random IV to use with CBC encoding
    # (MCRYPT_DEV_URANDOM reads the OS random source; MCRYPT_RAND is not a cryptographic generator)
    $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_DEV_URANDOM);

    # use an explicit encoding for the plain text
    $plaintext_utf8 = utf8_encode($plaintext);

    # creates a cipher text compatible with AES (Rijndael block size = 128) to keep the text confidential 
    # only suitable for encoded input that never ends with value 00h (because of default zero padding)
    $ciphertext = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $plaintext_utf8, MCRYPT_MODE_CBC, $iv);

    # prepend the IV for it to be available for decryption
    $ciphertext = $iv . $ciphertext;

    # encode the resulting cipher text so it can be represented by a string
    $ciphertext_base64 = base64_encode($ciphertext);

    return $ciphertext_base64;
}


# === WARNING ===

# Resulting cipher text has no integrity or authenticity added
# and is not protected against padding oracle attacks.

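# --- DECRYPTION ---

$ciphertext_dec = base64_decode($ciphertext_base64);

# the IV length must match the one used for encryption
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);

# retrieves the IV from the front of the decoded data
$iv_dec = substr($ciphertext_dec, 0, $iv_size);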

# retrieves the cipher text (everything except the $iv_size in the front)
$ciphertext_dec = substr($ciphertext_dec, $iv_size);

# may remove 00h valued characters from end of plain text
$plaintext_utf8_dec = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $ciphertext_dec, MCRYPT_MODE_CBC, $iv_dec);

echo  $plaintext_utf8_dec . "\n";
+1
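
The WARNING in the code above says the CBC ciphertext carries no integrity or authenticity protection. The following added example (not part of the original answer) shows the same encrypt/decrypt round trip with AES-256-GCM through PHP's OpenSSL extension, where decryption refuses modified data. The function names `deriveKey` and `decryptText`, the PBKDF2 iteration count and the `IV | tag | ciphertext` layout are assumptions made for this sketch.

```php
<?php
// Added example, not the answer's code: AES-256-GCM through ext/openssl (PHP >= 7.1).

// PBKDF2 turns a passphrase into a 32-byte key; the iteration count is an assumption.
function deriveKey(string $passphrase, string $salt, int $iterations = 600000): string
{
    return hash_pbkdf2('sha256', $passphrase, $salt, $iterations, 32, true);
}

function encryptText(string $key, string $plaintext): string
{
    $iv = random_bytes(12); // 96-bit nonce, must never repeat under the same key
    $tag = '';
    $ct = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($iv . $tag . $ct); // layout: IV(12) | tag(16) | ciphertext
}

function decryptText(string $key, string $ciphertext_base64): string
{
    $raw = base64_decode($ciphertext_base64, true);
    if ($raw === false || strlen($raw) < 28) {
        throw new RuntimeException('malformed ciphertext');
    }
    $iv = substr($raw, 0, 12);
    $tag = substr($raw, 12, 16);
    $ct = substr($raw, 28);
    // returns false when the tag does not match, i.e. the data was modified
    $pt = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($pt === false) {
        throw new RuntimeException('authentication failed');
    }
    return $pt;
}

$salt = random_bytes(16); // constructed for the demo; store it next to the ciphertext
$key = deriveKey('This is a very secret key', $salt);
$box = encryptText($key, "Meet me at 11 o'clock behind the monument.");
echo decryptText($key, $box), "\n";

$tampered = base64_decode($box);
$tampered[30] = chr(ord($tampered[30]) ^ 1); // flip one ciphertext bit
try {
    decryptText($key, base64_encode($tampered));
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```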

, , "" , , , . . , ...



-. -, , (, sha512 , , , ) , , 10 000 , , , , , , .



- , -, , , , -, , . , . , , -, . , , .



, . , , . - , , . , , , , , , , , , , . - - - , , , , , , , , .

-:

function the_awesomest_hash($password)
{
    $salt1 = "awesomesalt!";
    $password = $salt1 . $password;
    for($i = 0; $i < 10000; $i++)
    {
        $password = hash('sha512', $password);
    }
    // Some time has passed, and you have added to your hash function
    $salt2 = "niftysalt!";
    $password = $salt2 . $password;
    for($i = 0; $i < 10000; $i++)
    {
        $password = hash('futuresuperhash1024', $password);
    }
    return $password;
}

, , :

function update_hash($password)
{
    // This is the last part of your the_awesomest_hash() function
    $salt2 = "niftysalt!";
    $password = $salt2 . $password;
    for($i = 0; $i < 10000; $i++)
    {
        $password = hash('futuresuperhash1024', $password);
    }
    return $password;
}

-, , , .

+1

, - , joomla. md5 base64. script, -, , .

Joomla md5. , : 30590cccd0c7fd813ffc724591aea603: WDmIt53GwY2X7TvMqDXaMWJ1mrdZ1sKb

"", : md5 ('passwordWDmIt53GwY2X7TvMqDXaMWJ1mrdZ1sKb') = 30590cccd0c7fd813ffc724591aea603

So, take your password. Create a random 32-digit string. Calculate the md5 of the password combined with a random string. Save the result of md5 plus a: plus a random 32-digit string in the database.

-1
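
The answers above show a hash function that is extended over time and a stored `md5:salt` value. As an added example (not code from any of the answers), this is one way to accept such a legacy value at login and replace it with a bcrypt hash from PHP's `password_hash()`. The function names, the cost of 12 and the sample password are assumptions; the legacy format assumed is `md5(password . salt)`, a colon, then the salt.

```php
<?php
// Added example. Assumed legacy format: md5(password . salt) . ':' . salt

function verifyLegacy(string $password, string $stored): bool
{
    $parts = explode(':', $stored, 2);
    if (count($parts) !== 2) {
        return false;
    }
    [$digest, $salt] = $parts;
    return hash_equals($digest, md5($password . $salt)); // constant-time comparison
}

// Returns [bool $ok, ?string $newHash]; a non-null $newHash must replace the stored value.
function checkLogin(string $password, string $stored, int $cost = 12): array
{
    $opts = ['cost' => $cost];
    if (password_get_info($stored)['algoName'] !== 'unknown') {
        if (!password_verify($password, $stored)) {
            return [false, null];
        }
        // the cost may have been raised since this hash was created
        $new = password_needs_rehash($stored, PASSWORD_BCRYPT, $opts)
            ? password_hash($password, PASSWORD_BCRYPT, $opts)
            : null;
        return [true, $new];
    }
    if (!verifyLegacy($password, $stored)) {
        return [false, null];
    }
    // the plaintext is only available now, so upgrade on this successful login
    return [true, password_hash($password, PASSWORD_BCRYPT, $opts)];
}

// Constructed legacy record for the demo
$salt = bin2hex(random_bytes(16));
$legacy = md5('correct horse' . $salt) . ':' . $salt;

[$ok, $upgraded] = checkLogin('correct horse', $legacy);
var_dump($ok, password_get_info($upgraded)['algoName']); // true, "bcrypt"

[$ok2, $again] = checkLogin('correct horse', $upgraded);
var_dump($ok2, $again); // true, NULL (already at the current cost)

var_dump(checkLogin('wrong guess', $legacy)[0]); // false
```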