PHP Tutorials, Web Design Guides, and Money Making Tips.
Latest PHP Tutorials.
Security Related Articles.
If you want to build a user-management system - or work on someone else's - you should know a few basics about how passwords are encrypted or hashed. In other words, how are they made safe for storage?
What is a Hash?
Before a password is stored, it is typically converted into a "hash." This isn't technically a form of encryption, because it is a one way process. Once a password has been hashed... there's no going back.
For example, if I hash the phrase "Bananas," I might get back this garbled mess of characters - "1ee31b77d0697c36914b99d1428f7f32."
The reason we do this is so that someone who views the database - a hacker or maybe a dishonest systems adminstrator - can't figure out your password. He or she will see the hash and have no idea what the password is.
The script that checks your password when you log in knows how the hash was created - so it can recreate that hash if you give it the same password. The hash it creates based on your input can then be checked against the one in the database to see if you entered the real password.
Ok, How Do We Create a Hash?
There are two major functions for creating hashes in php - md5() and crypt().
md5 is the simpler function, so we'll start there. You simply call the function like so...
md5("Password String");
This returns the encrypted hash. If you called md5("Bananas"), you would always get "1ee31b77d0697c36914b99d1428f7f32" back as a result. You would then store that phrase in the database to check the password in the future.
Crypt is a bit more complicated. With md5, you always get the same result. With crypt, you can use different encryption keys or "salts" to get different results. You can encrypt something with crypt like this...
crypt("Password String");
or
crypt("Password String", "Salt");
If you do not provide a salt or encryption key, them PHP creates one for you. This changes the way the word is hashed. So if you called crypt("Bananas") twice, you would get two different results. Here's some extra reading on how to use crypt to hash and encrypt a password in PHP.
So Which is Better?
That's debateable. In most cases, crypt uses the same hashing algorithm that md5 does. Neither is necessarily "stronger" than the other.
The one advantage that crypt does has is that it can a different encryption key or salt each time. The same password can have a different hash if it is created with a different salt.
Therefore it is near impossible to create a dictionary of known hashes. With md5, this can be done easily - because each password phrase has only one possible hash value.
A dictionary like this would make a hacking attempt much easier than if the computer had to physically hash and check each possible phrase. Here's some more reading on the difference between md5 and crypt.
Good luck hashing, and remember - the best way to learn php is to try new things. So go practice.
- Related Videos
- Related Articles
- Ask / Related Q&A
- Develop a Simple Password Function Using Php
- 85 Free Php Scripts
- Using Php and Mysql to Develop a Cms
- How to Encrypt and Hash Passwords in Php
- Self-taught Php/mysql: a Simple Page Counter Tutorial
- Instant Access to Password Protected Microsoft Office Documents
- Php and Mysql Programming Security
- Using Php to Change the Permissions on a Folder
Free Website Design is offered by iQuest an Atlanta Web Design firm
By: ShaiQuest | 11/11/2009Atlanta Web Design Company iQuest Web Design owes its success to its community and, as a token of appreciation, iQuest Web Design would like to offer a free web design to churches, schools, and non-profit organizations.
5 Items to Look for When You Buy a Golf Travel Bag
By: Anna Jones | 11/11/2009A well-known club-and-ball game, in which the skilled golfers use different types of clubs and try to hit the balls in every hole on a large golf course, is known as golf. It is one of the most famous sports in the world. People love watching a game of golf. There are a number of equipments that are required to play golf. The best thing to gift a professional golfer is a golf travel bag.
All About Freelance Web Designer
By: Anna Jones | 11/11/2009Web design is merely the skill of creating presentations of matter frequently, hypertext that is delivered to the end-user through the means of World Wide Web. It is essentially a sort of graphic designing. Nowadays, many people are going for freelance web design. It is very helpful for some people. A freelancer is mostly a self-employed person who is not committed to a specific company.
Geo Targeted Website Design
By: Hemanta | 11/11/2009Target the global audience using Geo Targeted websites & experience the unique features!! Geo Targeted Website targets an audience belonging to a specific region or geographical area.
Web Design Company: Tips on Selecting a Web Design Company
By: Kiran Sonavane | 11/11/2009Taking due consideration before choosing a web design company for your website is very important; first impression leaves a lasting effect on your website visitors, either for good or for bad. It is therefore very important, that you choose a web designer that will give your website the desired look and quality, which is capable of appealing to the senses of your website visitors.
Website development & design objectives
By: Nice One | 11/11/2009Nice One offers a full range of strategic web design solutions for businesses, as well as individuals. Our team of professionals with proven experience in the field of web development can provide high quality, cost-effective complete web solutions including complex database integrated websites, e-commerce portals, intranet development and maintenance.
The Crux of Successful Websites
By: neeraj ahuja | 11/11/2009The crux to a successful website is to maintain a fine balance between an aesthetically pleasing site and a fully functional website.
Creating the Perfect Website Design
By: Guinanie Almonte | 11/11/2009Web design is the most important part of any website. Whether your site is a blog for personal use, a business or e-commerce site, or a review website, think of your websites overall look as the finishing touch. It should be alluring and well matched, not mixed up and boring. A website's look is what your viewers will see when they visit. Without catchy visuals, they may never read your content or click on your ads. A good designer knows that proper placement and coloring will make all of the di
Syndicate RSS Feeds on your Website for Extra Content
By: Brian Rock | 09/02/2008 | Web DesignRSS feeds are a great way for you to keep up to date on your favorite websites. But they can be an even greater tool for a webmaster. You can syndicate RSS feeds on your own site, adding continuously updating content without any work of your own.
How to Encrypt and Hash Passwords in Php
By: Brian Rock | 02/02/2008 | Web DesignIf you want to build a user-management system - or work on someone else's - you should know a few basics about how passwords are encrypted or hashed. In other words, how are they made safe for storage?