PHP

ENCRYPT AND VERIFY PASSWORDS

(quick examples)

01 PASSWORD HASH & VERIFY

ENCRYPT PASSWORD
    $CIPHER = password_hash($CLEAR, PASSWORD_DEFAULT);

VERIFY PASSWORD
    echo password_verify($CLEAR, $CIPHER) ? "VALID" : "INVALID";

02 OPENSSL ENCRYPT DECRYPT

ENCRYPT PASSWORD
    $CIPHER = openssl_encrypt($CLEAR, "AES-128-ECB", "SECRETKEY");

VERIFY PASSWORD
    // Strict comparison: openssl_decrypt() returns false on failure.
    echo openssl_decrypt($CIPHER, "AES-128-ECB", "SECRETKEY") === $CLEAR ? "VALID" : "INVALID";

NOT REALLY A GOOD IDEA! Secret key compromise = All passwords visible to hacker. Lost secret key = crippled system.

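03 CRYPT & HASH EQUALS

ENCRYPT PASSWORD
    // crypt() picks its algorithm from the salt format. A plain alphanumeric salt
    // like this one selects standard DES (2 salt chars, first 8 password chars only).
    $SALT = substr(base_convert(sha1(uniqid(mt_rand())), 16, 36), 0, 14);
    $CIPHER = crypt($CLEAR, $SALT);

VERIFY PASSWORD
    echo hash_equals($CIPHER, crypt($CLEAR, $CIPHER)) ? "VALID" : "INVALID";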

04 SALTED MD5

ENCRYPT PASSWORD
    $SALT = substr(base_convert(sha1(uniqid(mt_rand())), 16, 36), 0, 14);
    // Store the 14-character salt in front of the MD5 digest.
    $CIPHER = $SALT . md5($SALT . $CLEAR);

VERIFY PASSWORD
    $DSALT = substr($CIPHER, 0, 14);
    $DPASS = substr($CIPHER, 14);
    // hash_equals() avoids loose == comparison of hex strings.
    echo hash_equals($DPASS, md5($DSALT . $CLEAR)) ? "VALID" : "INVALID";
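
Added example (not part of the original page): moving records stored in the salted-MD5 layout of method 04 (14-character salt followed by the MD5 digest) to password_hash() at login, with password_needs_rehash() covering records already in the current format. verify_and_upgrade(), is_legacy_md5() and the $store array are hypothetical names, and the sample records are constructed.

```php
<?php
// Added example: verify a stored value in either format and upgrade weak ones.
// All function and variable names here are hypothetical.

function is_legacy_md5(string $stored): bool {
    // Method 04 layout: 14 base-36 salt characters, then 32 hex characters.
    return preg_match('/^[0-9a-z]{14}[0-9a-f]{32}$/', $stored) === 1;
}

// Returns [bool $valid, ?string $newHash]; $newHash is set when the record
// should be rewritten with a fresh password_hash() value.
function verify_and_upgrade(string $clear, string $stored): array {
    if (is_legacy_md5($stored)) {
        $salt = substr($stored, 0, 14);
        $ok = hash_equals(substr($stored, 14), md5($salt . $clear));
        // Only a correct login gives us the clear text needed to rehash.
        return [$ok, $ok ? password_hash($clear, PASSWORD_DEFAULT) : null];
    }
    $ok = password_verify($clear, $stored);
    // True when PASSWORD_DEFAULT's algorithm or cost differs from the stored hash.
    $stale = $ok && password_needs_rehash($stored, PASSWORD_DEFAULT);
    return [$ok, $stale ? password_hash($clear, PASSWORD_DEFAULT) : null];
}

// Constructed sample records (not real credentials).
$salt = 'abcdefghij0123';
$store = [
    'alice' => $salt . md5($salt . 'correct horse'),              // legacy format
    'bob'   => password_hash('battery staple', PASSWORD_DEFAULT), // current format
];

$attempts = [['alice', 'wrong'], ['alice', 'correct horse'], ['bob', 'battery staple']];
foreach ($attempts as [$user, $pw]) {
    [$ok, $new] = verify_and_upgrade($pw, $store[$user]);
    if ($new !== null) {
        $store[$user] = $new; // persist the upgraded hash
    }
    printf("%s: %s%s\n", $user, $ok ? 'VALID' : 'INVALID', $new !== null ? ' (rehashed)' : '');
}
```

After the successful legacy login, the stored value for that user is a password_hash() string, so later logins take the password_verify() branch.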