Hi, I am new to PHP and still in the good old Hello World stages.
I have a few questions:
1. How secure is crypt(); ?
2. What level of encryption is it? i.e. 32bit, 64, 128 etc.
3. Could it be used to encrypt credit card details? If not, then which methods do you recommend?
Thanks in advance
How secure is crypt() ?
The security level of crypt depends on your OS. If you're on Linux or Windows, crypt is less secure than on a *BSD (including OS X). The crypt used by Linux and Windows is standard 3DES and only on the first 8 characters of the input. This standard crypt is salted, with a not very random salt.
The crypt used by BSD is MD5 with a better salt.
In Linux and Windows, if you give crypt an MD5 style salt, it will do an MD5 crypt which is much more secure. (Some Windows machines don't like this, some do; the thread linked below shows a workaround.)
See my old post at (last post on the page)
viewtopic.php?t=2396&postdays=0&postord ... 533ae4fe78
Remember that crypt is a one-way cypher, so you can't undo it. You can only check if two crypted things match. If you need to encrypt/decrypt something (such as most cc needs) check out the mcrypt library for a symmetric cypher.
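The behaviour described in the reply above, as an added example that is not part of the original thread: the salt prefix passed to crypt() selects the algorithm, standard DES crypt ignores everything past the first 8 characters, and checking a password means re-crypting the candidate with the stored hash as the salt. The passwords, salts and the helper name check_password are constructed for illustration, and hash_equals() assumes PHP 5.6 or later.

```php
<?php
// Added example, not code from the thread. All passwords and salts are constructed.

// The salt prefix selects the algorithm:
//   two characters            -> standard DES crypt (input cut to 8 characters)
//   "$1$" + up to 8 chars "$" -> MD5 crypt (the whole input is hashed)
$desSalt = 'ab';
$md5Salt = '$1$Xq3vT9aL$';   // constructed; use a fresh random salt per password

$first  = 'password-one';
$second = 'password-two';    // shares its first 8 characters with $first

// One-way check: the stored hash carries its own salt and algorithm prefix,
// so re-crypt the candidate with it and compare in constant time.
// check_password is a hypothetical helper name.
function check_password($candidate, $stored)
{
    $computed = crypt($candidate, $stored);
    return is_string($computed) && hash_equals($stored, $computed);
}

// Standard DES: both inputs collapse to "password", so the hashes are equal.
if (CRYPT_STD_DES == 1) {
    $d1 = crypt($first, $desSalt);
    $d2 = crypt($second, $desSalt);
    echo "DES  $d1\nDES  $d2\n";
    echo ($d1 === $d2) ? "DES: identical, only 8 characters were used\n"
                       : "DES: different\n";
}

// MD5 crypt: the full input is used, so the two hashes differ.
if (CRYPT_MD5 == 1) {
    $m1 = crypt($first, $md5Salt);
    $m2 = crypt($second, $md5Salt);
    echo "MD5  $m1\nMD5  $m2\n";
    echo ($m1 === $m2) ? "MD5: identical\n" : "MD5: different\n";

    var_dump(check_password($first, $m1));    // correct password
    var_dump(check_password($second, $m1));   // wrong password
}
```

On current PHP versions, password_hash() and password_verify() are the supported interface for storing and checking passwords.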
I appreciate your reply, nielsene.
First of all, what is 3DES? And BSD? Secondly, I did try putting the following example into a script on my local machine running Apache 2.0.4.5 and PHP 4, but it didn't work...
---------------------------------------------------------------------------------
code:
<?php
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$key = "This is a very secret key";
$text = "Meet me at 11 o'clock behind the monument.";
echo strlen($text)."\n";
$crypttext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_ECB, $iv);
echo strlen($crypttext)."\n";
?>
---------------------------------------------------------------------------------
The script generated the following errors:
Fatal error: Call to undefined function: mcrypt_get_iv_size() in C:\Program Files\Apache Group\Apache2\htdocs\mandio\encrypt.php on line 2
---------------------------------------------------------------------------------
Do I need to install some extra modules or something? If so, can I install them locally?
Thanks for your help
You need the mcrypt package (http://mcrypt.hellug.gr/), but I don't know if there is anything like this for Windows, probably not.
BTW: Read the manual - http://php.net/manual/en/ref.mcrypt.php
P.S. Install Linux and test your scripts on a REAL configuration