I am building a system using PHP & MSSQL and I have a part of the CMS that allows the owner to add users to it, and they wont the password encrypted before going into the database.
What is the best process for this, I have used md5 before but it doesnt seem to be the best way.
Is it then the case that the person who is being added has the normal password sent to him and its basically matched up with its encrypted self in the database, to allow them to log in correctly.
I think many people would agree that sending passwords in plain text to be bad practice.
Maybe you could try the link approach, similar to the way sites reset passwords.
You could send this link to the user, and they navigate to it and set up their own password.
This could even use the same code as the reset password page.
OK that sounds like a good idea, but the first bit I would like some advice on to, and that is the password being encrypted when they enter it before it goes into the database.
What porcess would you use, such as md5 etc, and if you have any opinions on it could you point me towards a script that you think would give me an idea of how to put it together, to encrypt it, and to be able to read it back using md5 or another process.
PHPass is my preferred method for hashing passwords. Hashing functions like MD5 and SHA1 were never designed for password hashing and can be cracked fairly quickly. PHPass uses the mcrypt library, and it also handles all the salting/stretching needed.
i recommend you to use the build in function of mysql AES_ENCRYPT.this is the way how i use it:: AES_ENCRYPT($users_password,$users_password_as_the_key); by using users password as the key, it would be less likely to be cracked.
Thanks for all the responses, but wondered if someone can post some generic code so I can see it in action, remembering that Im using MSSQL database.
The story is:
The woner of this site creates the users from inside the cms, basically they do it and then hand the details out, so this is that page.
$uPassword=$_POST['uPass'];
queryInsert="INSERT INTO x (Password)".
"VALUES('$uPassword')";
So thats the upload bit, very easy I know but just wanted to go through it. The owner then would like the password to be encrypted and sent to the database, and he will then hand write a letter to the new user with his/her new password on.
//function to encrypt the string
function encryptPass($str)
{
for($i=0; $i<12;$i++)
{
$str=strrev(base64_encode($str)); //apply base64 first and then reverse the string
}
return $str;
}
//function to decrypt the string
function decryptPass($str)
{
for($i=0; $i<12;$i++)
{
$str=base64_decode(strrev($str)); //apply base64 first and then reverse the string
}
return $str;
}
////
Encrypting passwords is rather pointless since anyone who gains access to the encrypted passwords will generally also have access to the decryption code that they can then run to decrypt them all.
A better alsternative is to hash the passwirds using something like SHA256 or SHA512 so that there is no decryption routine that can be run.
i dont think so. by doing this, the key is changing always. because the hacker can somehow hack into the web server and see the php script. even hackers get database access, they still have no idea with how to crack password as every password is encrypted differently. that makes a hacker more work to do.
yes, i looked at brute force which is a method of trying all possible keys. but in my method, every user has different password and so every account has different keys. that s a huge project to crack all the user password in the database. if you use other methods which only use one key, would make hackers easier to crack.
Just stop, it doesn’t matter if every user has a different key, to create a brute force against this is very easy todo. Not only that but creating a rainbow table is also possible.
As I have stated previously, encryption is only as strong as the key that is used. You are not using a strong key.
It’s an interesting idea, but ultimately no different than a regular hash function. The user’s password is the input, and a random, irreversible* string is the output.
* Strictly speaking, it is reversible, but only if you already know the original input string.