If you want to build a user-management system - or work on someone else's - you should know a few basics about how passwords are encrypted or hashed. In other words, how are they made safe for storage?
What is a Hash?
Before a password is stored, it is typically converted into a "hash." This isn't technically a form of encryption, because it is a one-way process. Once a password has been hashed... there's no going back.
For example, if I hash the phrase "Bananas," I might get back this garbled mess of characters - "1ee31b77d0697c36914b99d1428f7f32."
The reason we do this is so that someone who views the database - a hacker or maybe a dishonest systems administrator - can't figure out your password. He or she will see the hash and have no idea what the password is.
The script that checks your password when you log in knows how the hash was created - so it can recreate that hash if you give it the same password. The hash it creates based on your input can then be checked against the one in the database to see if you entered the real password.
Ok, How Do We Create a Hash?
There are two major functions for creating hashes in PHP - md5() and crypt().
md5 is the simpler function, so we'll start there. You simply call the function like so...
md5("Password String");
This returns the encrypted hash. If you called md5("Bananas"), you would always get "1ee31b77d0697c36914b99d1428f7f32" back as a result. You would then store that phrase in the database to check the password in the future.
Crypt is a bit more complicated. With md5, you always get the same result. With crypt, you can use different encryption keys or "salts" to get different results. You can encrypt something with crypt like this...
crypt("Password String");
or
crypt("Password String", "Salt");
If you do not provide a salt or encryption key, then PHP creates one for you. This changes the way the word is hashed. So if you called crypt("Bananas") twice, you would get two different results. Here's some extra reading on how to use crypt to hash and encrypt a password in PHP.
So Which is Better?
That's debatable. In most cases, crypt uses the same hashing algorithm that md5 does. Neither is necessarily "stronger" than the other.
The one advantage that crypt does have is that it can use a different encryption key or salt each time. The same password can have a different hash if it is created with a different salt.
Therefore it is near impossible to create a dictionary of known hashes. With md5, this can be done easily - because each password phrase has only one possible hash value.
A dictionary like this would make a hacking attempt much easier than if the computer had to physically hash and check each possible phrase. Here's some more reading on the difference between md5 and crypt.
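The store-and-check flow and the md5-versus-crypt comparison described above, as an added example (not code from the original article). It assumes PHP 7.4 or later and passes crypt() an explicit bcrypt salt ("$2y$10$" plus 22 random characters), which is a choice made here rather than something the article specifies; the function names and sample accounts are constructed.

```php
<?php
// Added example: function names and sample accounts are constructed for illustration.

// Build a salt string for crypt(): "$2y$" selects bcrypt, "10" is the cost,
// followed by 22 random characters from the ./A-Za-z0-9 alphabet.
function newSalt(): string
{
    $raw = base64_encode(random_bytes(16));   // 24 chars, padding sits at the end
    return '$2y$10$' . substr(strtr($raw, '+', '.'), 0, 22);
}

// Registration: hash with a fresh salt. The returned string embeds the salt,
// so this one value is all that needs to be stored in the database.
function hashForStorage(string $password): string
{
    return crypt($password, newSalt());
}

// Login: passing the stored hash as the salt makes crypt() reuse the same salt
// and settings, so only the correct password recreates the stored hash.
// hash_equals() compares the two strings in constant time.
function checkPassword(string $input, string $stored): bool
{
    return hash_equals($stored, crypt($input, $stored));
}

// Audit helper: group accounts whose stored hashes are identical.
function sharedHashes(array $table): array
{
    $byHash = [];
    foreach ($table as $user => $hash) {
        $byHash[$hash][] = $user;
    }
    return array_values(array_filter($byHash, fn($users) => count($users) > 1));
}

// Constructed sample accounts: two users picked the same password.
$passwords = ['alice' => 'Bananas', 'bob' => 'Bananas', 'carol' => 'Oranges'];

$md5Table   = array_map('md5', $passwords);            // one hash per password
$cryptTable = array_map('hashForStorage', $passwords); // one salt per account

// Unsalted md5 exposes reused passwords as repeated hashes; salted crypt does not.
var_dump(sharedHashes($md5Table));
var_dump(sharedHashes($cryptTable));

// Check a correct password and a wrong-case one against bob's stored hash.
var_dump(checkPassword('Bananas', $cryptTable['bob']));
var_dump(checkPassword('bananas', $cryptTable['bob']));
```

On PHP 5.5 and later, the built-in password_hash() and password_verify() functions perform the same salt generation and check.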
Good luck hashing, and remember - the best way to learn PHP is to try new things. So go practice.
How to Encrypt and Hash Passwords in Php
By: Brian Rock | 02/02/2008 | Web Design