Encryption and Decryption

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Beans
Forum Commoner
Posts: 49
Joined: Mon Dec 23, 2002 3:06 am
Location: Manila, Philippines
Contact:

Encryption and Decryption

Post by Beans »

Hi!

I made a script which has an admin control panel. I am currently using MySQL's password() function to encrypt the password that will be entered by the admin when he makes the user account.

I am looking for other alternatives to this. When an admin pulls up a certain user account from the control panel, it wil lshow all fields where the admin can actually change the info (level, status, etc.). However, as the password was encrypted, it will show the encrypted form of the password. If the admin decides not to change the password and continues on to save the record, all hell would break lose.

My question is: Is there a better way to encrypt a string? I should also be able to decrypt it when I need to show the actual value (not the encrypted value).
User avatar
Stoker
Forum Regular
Posts: 782
Joined: Thu Jan 23, 2003 9:45 pm
Location: SWNY
Contact:

Post by Stoker »

using reversible encryption for passwords is not much of a point if the decrypt code is stored under the same user access as the where the login info to your db is (it may slow someone down a minute or two)... If you really do want to store encoded with a symmetric key I suggest using mysql's encode() function anywhere you INSERT or UPDATE and then anywhere you SELECT it just use mysql's decode function...

If you are looking for password security, forget about decoding them on the same server... If you need a safe solution I suggest something like that when a user creates or changes his password, a md5 or hmac hash is stored for validation at login, at the same time the password is also encoded using gnupg or openssl, store it in its own table for the rear occations you/the-admin need to see them, when you do need to see them, fetch to your local machine, disconnect from the net, import your own key, decode the pass (when done, remove the key and cahce etc before re-attaching to the net)... well the last steps of disconnecting etc is rather extreme, but that is what GNU "strongly" recommends in their Gnupg/Security/Privacy manual.. Main thing is, don't have anything on the public server that can be used to decode the sensitive info..
Beans
Forum Commoner
Posts: 49
Joined: Mon Dec 23, 2002 3:06 am
Location: Manila, Philippines
Contact:

Post by Beans »

After reading your response, I got 1 conclusion:

I AM A COMPLETE IDIOT WHEN IT COMES TO SECURITY IN SCRIPTING.

Hehe...

I'll try reading more regarding this and try to give your suggestion a go.

Thanks man!
Jim
Forum Contributor
Posts: 238
Joined: Fri Apr 19, 2002 5:26 am
Location: Near Austin, Texas

Hmmm...

Post by Jim »

Is it absolutely imperative that the password be decrypted?

If you're making an admin script that offers the ability to change passwords, don't create a field that pulls the password from the database... simply create a field that will overwrite the CURRENT password on the db. Sure, you won't be able to find your old password, but if you can't remember it in the first place, who cares? Replace it with one you know.

In most scripts, md5 is used to "encrypt" data. You might want to try using it. Then again, I'm a n00b, so who knows? ;)
Jim
Forum Contributor
Posts: 238
Joined: Fri Apr 19, 2002 5:26 am
Location: Near Austin, Texas

Whoa, what a coincidence...

Post by Jim »

Just browsing through phpcomplete.com and I found an article you might find interesting concerning 2-way password encryption.

http://www.phpcomplete.com/articles.php/312

Enjoy!
Beans
Forum Commoner
Posts: 49
Joined: Mon Dec 23, 2002 3:06 am
Location: Manila, Philippines
Contact:

Post by Beans »

Jim,

You're right there. I implemented it by not showing the current password. If the admin feels he needs to change the password of the user, he can set the password in the field. But if he does nothing (leaves the field blank), then the authentication class I made would ignore it and maintain the same password as is.

I'll take a look at the article you sent. Thanks!
Post Reply