问题
I am programming a PHP site that allows users to register,I'm using codeigniter php and I want to know the best function to encrypt passwords and what difference between this function?
回答1:
Passwords should almost never be encrypted. Instead, they should be one-way hashed.
Generally, bcrypt is recommended, as it's resistant to brute forcing, where common alternatives like md5 or sha1 fail.
回答2:
Use PHPass: http://www.openwall.com/phpass/
The preferred (most secure) hashing method supported by phpass is the OpenBSD-style Blowfish-based bcrypt, also supported with our public domain crypt_blowfish package (for C applications), and known in PHP as CRYPT_BLOWFISH, with a fallback to BSDI-style extended DES-based hashes, known in PHP as CRYPT_EXT_DES, and a last resort fallback to MD5-based salted and variable iteration count password hashes implemented in phpass itself (also referred to as portable hashes).
Put it in application/third_party, and use vanilla PHP to load it (not CI's loader):
require_once APPPATH.'third_party/phpass-0.3/PasswordHash.php';
$hash_iterations = 100;
$portable_hashes = FALSE;
$phpass = new PasswordHash($hash_iterations, $portable_hashes);
Example usage:
// Hash a password before storing it in the DB
$hashed_password = $phpass->HashPassword($user_input);
// Check a given password against a stored hashed password
$is_valid = $phpass->CheckPassword($user_input, $stored_hash_of_password);
回答3:
This is a custom encryption class which im using in codeigniter
<?php
class Encryption {
var $skey = "EsUriEncKey2012";
public function safe_b64encode($string) {
$data = base64_encode($string);
$data = str_replace(array('+','/','='),array('-','_',''),$data);
return $data;
}
public function safe_b64decode($string) {
$data = str_replace(array('-','_'),array('+','/'),$string);
$mod4 = strlen($data) % 4;
if ($mod4) {
$data .= substr('====', $mod4);
}
return base64_decode($data);
}
public function encode($value){
if(!$value){return false;}
$text = $value;
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$crypttext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $this->skey, $text, MCRYPT_MODE_ECB, $iv);
return trim($this->safe_b64encode($crypttext));
}
public function decode($value){
if(!$value){return false;}
$crypttext = $this->safe_b64decode($value);
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$decrypttext = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $this->skey, $crypttext, MCRYPT_MODE_ECB, $iv);
return trim($decrypttext);
}
}
?>
来源:https://stackoverflow.com/questions/14200895/functions-used-to-encrypt-password-in-php