Remember Me
forgot your password?

How to Encrypt and Hash Passwords in Php

Posted: Feb 2nd, 2008 | Comments: 0 | Views: 118 | Bookmark and Share
Syndicate this Article

If you want to build a user-management system - or work on someone else's - you should know a few basics about how passwords are encrypted or hashed. In other words, how are they made safe for storage?

What is a Hash?

Before a password is stored, it is typically converted into a "hash." This isn't technically a form of encryption, because it is a one way process. Once a password has been hashed... there's no going back.

For example, if I hash the phrase "Bananas," I might get back this garbled mess of characters - "1ee31b77d0697c36914b99d1428f7f32."

The reason we do this is so that someone who views the database - a hacker or maybe a dishonest systems adminstrator - can't figure out your password. He or she will see the hash and have no idea what the password is.

The script that checks your password when you log in knows how the hash was created - so it can recreate that hash if you give it the same password. The hash it creates based on your input can then be checked against the one in the database to see if you entered the real password.

Ok, How Do We Create a Hash?

There are two major functions for creating hashes in php - md5() and crypt().

md5 is the simpler function, so we'll start there. You simply call the function like so...

md5("Password String");

This returns the encrypted hash. If you called md5("Bananas"), you would always get "1ee31b77d0697c36914b99d1428f7f32" back as a result. You would then store that phrase in the database to check the password in the future.

Crypt is a bit more complicated. With md5, you always get the same result. With crypt, you can use different encryption keys or "salts" to get different results. You can encrypt something with crypt like this...

crypt("Password String");

or

crypt("Password String", "Salt");

If you do not provide a salt or encryption key, them PHP creates one for you. This changes the way the word is hashed. So if you called crypt("Bananas") twice, you would get two different results. Here's some extra reading on how to use crypt to hash and encrypt a password in PHP.

So Which is Better?

That's debateable. In most cases, crypt uses the same hashing algorithm that md5 does. Neither is necessarily "stronger" than the other.

The one advantage that crypt does has is that it can a different encryption key or salt each time. The same password can have a different hash if it is created with a different salt.

Therefore it is near impossible to create a dictionary of known hashes. With md5, this can be done easily - because each password phrase has only one possible hash value.

A dictionary like this would make a hacking attempt much easier than if the computer had to physically hash and check each possible phrase. Here's some more reading on the difference between md5 and crypt.

Good luck hashing, and remember - the best way to learn php is to try new things. So go practice.

Brian Rock

PHP Tutorials, Web Design Guides, and Money Making Tips.
Latest PHP Tutorials.
Security Related Articles.

Rate this Article: 0 / 5 stars - 0 vote(s)
Print Email Re-Publish

Add new Comment

Captcha

  • Latest Web Design Articles
  • More from Brian Rock

Disadvantages of Choosing Pre Built Templates

By: Alejandro Anillo | 28/11/2009
This article focuses on disadvantages of pre built templates available on the internet.

Getting Your Website Re-Designed

By: Mark Walters | 28/11/2009
Useful information and advice on re-designing your website. Learn why it is important to have a fresh and up to date website and how to start the re-design process.

texas-web-design

By: Derick Hartmanom | 28/11/2009
McAllen Web Design extends custom-built web design and development for your business organization by providing an streamlined website that does more than just have bits of information and a a couple of pages here and there. There requires to be research done, as with any professional service you are participating in - such as writing a research paper. A great website will stresses on the order, visual aspect and code just as much as the special message itself. Your web site should ...

Design of website with respect to search engine optimization

By: Stella | 28/11/2009
Here are some essential web design tips that every web site should follow. Listed below are some useful and rather important tips for designing a professional and high quality web site:

Corporate identity and Corporate Logos: The need for constant innovation

By: John Tweak | 28/11/2009
Corporate identity is an essential element of the successful operation of a business. It is all about creating a positive impression of the company in the minds of the population, so that business becomes sustainable and yields better results. Corporate identity sends a strong message about the principles and purpose of the company to the target audience, so that the target audience reacts optimistically in line with its requirements and needs.

Finding Help for Homestead Website Beginner

By: Homestead User | 28/11/2009
So you've built your website, published your pages onto the Internet and now your going to have thousands of visitors coming your way, right? That's not the way it works because there are things that keep your Homestead website from being a success.

Starter Websites: Affordable Web Solutions for Small Business

By: Amalendu Hajraa | 28/11/2009
The article informs readers about starter website and what they should keep in mind concerning starter websites. In this connection the article also speaks about starter website packages by offshore development centers in India.

Web Development Tools

By: Carley Swao | 28/11/2009
Web development is the process of developing a web site for the World Wide Web or Internet. This includes e-commerce, web design, web content development and web server configuration.

Syndicate RSS Feeds on your Website for Extra Content

By: Brian Rock | 09/02/2008 | Web Design
RSS feeds are a great way for you to keep up to date on your favorite websites. But they can be an even greater tool for a webmaster. You can syndicate RSS feeds on your own site, adding continuously updating content without any work of your own.

Three Ways to Display Sample Html in a Web Browser

By: Brian Rock | 16/01/2008 | Web Design
If you want to display some sample HTML, you've got a tiny problem. The browser thinks that it should render the code. This guide suggests three ways that you can force the browser to display the markup un-rendered.

Submit Your Articles Free: Signup
Brian Rock Brian Rock has 3 articles online.
Contact Author
Subscribe to RSS

Print article
Publish this Article
Send to friend
Article Categories



Need Help?
Contact Us
FAQ
Submit Articles
Editorial Guidelines
Blog
Site Links
Recent Articles
Top Authors
Top Articles
Find Articles
Site Map
Webmasters
Partner with Us
RSS Builder
RSS
Link to Us
Business Info
Advertising
Article Writing
Partner with Us

Use of this web site constitutes acceptance of the Terms Of Use and Privacy Policy | User published content is licensed under a Creative Commons License.
Copyright © 2005-2008 Free Articles by ArticlesBase.com, All rights reserved. (1.12, 8, w1)