Securely storing passwords with PHP and MySql

Passwords are stored in the database. Is that safe? Any intruder with read access can steal the account information of all users and tear your website apart by logging into the administrative areas. There are several ways to store passwords securely in the database.


Method 1: Hashing
Your passwords will be more secure if you use a hashing algorithm like SHA256 or RIPEMD256 in combination with a salt. Here is a sample function which applies this hashing technique.

function secure_hashing($userName, $passwordValue) {
    // fixed application salt appended to every username/password pair
    $salt_for_hash = "12anHm8e3MT-83*2cMQ1mlZaU3*2LcQ1mlZaU";
    $combination_for_salt = $userName . $passwordValue . $salt_for_hash;
    // hash() returns the lowercase hex digest (64 characters for sha256)
    $salted_hash = hash("sha256", $combination_for_salt);
    return $salted_hash;
}


This function will concatenate the username, the password and the salt. Then it will use the hash function to hash the combined value. We can use any cryptographic hash method supported by hash() for this. The most common hashing functions are sha256, sha512, whirlpool and ripemd256.


// Here 'buddha449' is the username and 'trUO(67#yo!' is the password
echo secure_hashing('buddha449', 'trUO(67#yo!');

// The output will be
13f67d404de347819f272beb60f06a86fc1006f56a5b8ee261172250d41ec1f7
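Added example, not part of the original post: it extends Method 1 so that every user gets a random salt (generated with random_bytes()) stored next to the hash, and checks a login attempt with the constant-time hash_equals(). The users table and its password_salt/password_hash columns are assumed, as is a PDO connection named $pdo.

```php
<?php
// Added example (not the original post's code). Instead of one fixed salt shared
// by every account, each user gets a random salt that is stored next to the hash.
// Table and column names (users, password_salt, password_hash) are assumed.

function make_password_record($passwordValue) {
    // 16 random bytes, hex encoded: unique per user, so identical passwords
    // of two users produce different hashes
    $salt = bin2hex(random_bytes(16));
    $hash = hash("sha256", $salt . $passwordValue);
    return array("password_salt" => $salt, "password_hash" => $hash);
}

function verify_password($passwordValue, $record) {
    // recompute with the stored salt and compare in constant time
    // (hash_equals() does not leak the position of the first mismatch like == would)
    $candidate = hash("sha256", $record["password_salt"] . $passwordValue);
    return hash_equals($record["password_hash"], $candidate);
}

// Inserting the record with a prepared statement (assumes a PDO connection $pdo)
function store_user($pdo, $userName, $passwordValue) {
    $record = make_password_record($passwordValue);
    $stmt = $pdo->prepare(
        "INSERT INTO users (username, password_salt, password_hash) VALUES (?, ?, ?)"
    );
    $stmt->execute(array($userName, $record["password_salt"], $record["password_hash"]));
}

// Stand-alone demonstration without a database
$record = make_password_record('trUO(67#yo!');
var_dump(verify_password('trUO(67#yo!', $record));
var_dump(verify_password('wrong password', $record));

// PHP 5.5+ also ships password_hash()/password_verify(), which choose a slow
// algorithm (bcrypt by default), generate the salt and embed it in the result,
// so the salt does not need its own column.
$builtin = password_hash('trUO(67#yo!', PASSWORD_DEFAULT);
var_dump(password_verify('trUO(67#yo!', $builtin));
```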

Method 2: Encryption

Another technique for securing passwords is encryption. All encryption methods are reversible; that is both the main advantage and the main disadvantage of encryption. There are several well known public encryption methods developed by communities. Their source code is known to everyone, and hackers may have developed the matching decryption methods. So it is better to use a custom script for decryption. HtmlExplorer has developed a simple encryption method to show you how this works.


function htmlexplorer_encrypt($inputtext, $registered_date){
    $readd_to_number = "";
    // each character code is multiplied by the registration date and
    // the products are joined with "|" (PHP converts the date string to a
    // number, so "01012014" becomes 1012014)
    for($i = 0; $i < strlen($inputtext); $i++){
        $readd_to_number .= ord($inputtext[$i]) * $registered_date . "|";
    }
    return $readd_to_number;
}

function htmlexplorer_decrypt($encryptedtext, $registered_date){
    $real_string = "";
    $extract_list = explode('|', $encryptedtext);
    foreach($extract_list as $list_ele){
        // explode() leaves an empty element after the trailing "|";
        // skip it, otherwise a stray chr(0) is appended to the result
        if ($list_ele === '') {
            continue;
        }
        $real_string .= chr((int)($list_ele / $registered_date));
    }
    return $real_string;
}



Let's call both functions and see the output

// the registration date of the user is given as the second parameter (01/01/2014).
$encrypted = htmlexplorer_encrypt('trUO(67#yo!', "01012014");
echo "Encrypted string of trUO(67#yo! is " . $encrypted;

echo "\n";

$decrypted = htmlexplorer_decrypt($encrypted, "01012014");
echo "Decrypted back to " . $decrypted;




The output will be
Encrypted string of trUO(67#yo! is 117393624|115369596|86021190|79949106|40480560|54648756|55660770|35420490|122453694|112333554|33396462|

Decrypted back to trUO(67#yo!

You can modify this and make your own script.
