Comments on: Password Encryption and Decryption Technique in PHP

By: Erick

Erick — Wed, 15 Jun 2011 04:10:53 +0000

I want to thank you for this ingenious “encryption” algorithm. Due to your ineptitude, and that of my client’s web development company, I found this algorithm used in production. I seriously hope that you quit development before you inflict any further damage.

By: Jonathan

Jonathan — Tue, 08 Feb 2011 08:50:51 +0000

This has to be one of the worst articles on PHP encryption / password storage I have ever seen. Sadly it ranks No. 1 in google for certain related search terms.

Firstly, MD5 and SHA1 are HASHING ALGORITHMS – no encryption there – read a book

Secondly, user passwords should NEVER be reversible – if someone forgets their password then they should be sent a randomly generated one and given the option (or be forced) to change it on next login.

Third, your ‘encryption’ functions are lame – just use something like mcrypt with a decent algorithm.

By: Alessandro

Alessandro — Tue, 24 Aug 2010 11:38:41 +0000

Hash cracker is a web-service that allows you to encrypt your passwords
or crack your hashed passwords with MD5, SHA1 or NTLM algorithms.
You can also encode or decode texts with Base64 system.

http://www.hash-cracker.com

Video tutorial:

http://www.youtube.com/watch?v=JVxdQPdGXec

By: K. Matheny

K. Matheny — Sat, 23 Jan 2010 20:49:09 +0000

I’ve always been taught that when storing sensitive data, it’s needs to be a one-way encryption, meaning there should be no decryption method. You should only be able to encrypt a string and say whether or not it matches another encrypted string to determine its validity.

Not a bad article though.

By: k satyadeep

k satyadeep — Mon, 07 Dec 2009 18:29:10 +0000

very useful info thanks

By: Jared kidambi

Jared kidambi — Fri, 30 Oct 2009 16:04:42 +0000

I tried it out and men, this is miracle. lovely work

By: ray

ray — Sun, 17 May 2009 14:24:23 +0000

banu, I’m not an expert but since no-one else has replied I’ll make a couple of suggestions (please no-one bite my head off if they are naive!)..

Take a look at GPG (Gnu Privacy Guard free open source) from http://www.gnupg.org

Or failing that maybe there’s a way to zip your files with passwords? (just an off the cuff idea)

By: ray

ray — Sat, 16 May 2009 16:42:00 +0000

Anonamoose has indicated in quite strong terms that the use of MySQL’s AES_ENCRYPT( )and AES_DECRYPT() functions is a very bad idea (although I personally see “insanity” and “ignorance” as very different conditions and consider myself to be suffering more from the latter than the former), but can anyone tell me why? I appreciate that for password security hashing the password and comparing against hashed entered passwords is the sensible method, but what about encryption of email addresses, credit card details, etc etc. Is the implication that use of AES_ENCRYPT() for this would also consitute a need for pyschiatric care? I suppose I COULD try the suggestion of Googling for something like “why-is-it-a-mad-idea-to-use-AES_ENCRYPT()” but then I really think they would need to take me a way in a van! Can anyone enlighten me?

By: ray

ray — Sat, 16 May 2009 16:31:14 +0000

Rajeskar, I’m sure every hacker in the world would love to know how to do that. But from what I’ve gathered (and I’m a “kiddie” at this) the whole point of using SHA1() is that it produces a hash or pseudo encrption of a string that CANNOT be decrypted. Its not so much an encryption as a “unique” (and I use the word with caution as it may not always necessarilly be unique) aspect or representation of the string that created it., but holding no information as to exactly what the original string looked like or how to get back to it. Its only use is to compare it against another hashed string to see if both hashes look like they probably (in fact “almost” certainly) came from the same original string (i.e. that the entered password is the same as the stored one) .

By: Asylum

Asylum — Fri, 15 May 2009 00:41:56 +0000

md5 and sha are hash algorithms, not encryption. Here are a few PHP encryption functions.
crypt
mcrypt

By: banu

banu — Wed, 22 Apr 2009 18:38:45 +0000

Hi ,I am looking for a way to encrypt and decrypt a file that I’m going to store on the filesystem. I am looking for something like base 64 encode. but base 64 doesnt use a key to encode. I would like something that I can encode using key and decode using key. It should be able to encode and decode all kinds of files that I upload.

Any help would be really appreciated.

thanks,

By: Rajasekar

Rajasekar — Fri, 03 Apr 2009 07:20:15 +0000

I generated sha1() string in order to store a password in the table. But i want to know how to retrive back the original password as a normal string in order to send the password to the users who have submitted the forgotten request. I want to know is there any function that i can retireve the password in normal string form. coding done in PHP

Please any one help me on this…

By: the k

the k — Sat, 14 Mar 2009 20:51:12 +0000

What is it with people thinking applying a poor “encryption” multiple times makes it any less poor? Generally, if you don’t see the flaws above commenters point out and understand what the big idea is, you might as well use no hashing at all and receive the same functionality and security with less work.

By: kapil

kapil — Wed, 17 Sep 2008 07:20:13 +0000

Thankx…. i was looking for custom function.. to encryption and decryption.. its easy and usefull..

thankx SEO Expert..

By: Bonafide

Bonafide — Thu, 31 Jul 2008 13:19:50 +0000

This IS a helpful article for beginners.
If you are one, expand on this simple technique. Mix it up a bit.

If you have any level of security concern, don’t use this because its way too obvious.

Generally helpful comments on this site too – kudos