SitePoint Sponsor

User Tag List

Results 1 to 11 of 11
  1. #1
    SitePoint Guru DeNasio's Avatar
    Join Date
    May 2001
    Posts
    830
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Encrypting and decrypting passwords

    Hello,

    I want to encrypt all the members password and then store them in the database.

    When they log in I perform the following check:

    if (ENCRYPT($form_password) != $database_password) {//error}

    But I also want to be able to decrypt the password so I can send the user the password when they've lost it.

    Which Encrypt/Decrypt method can I use?

    (I can make my own but why bother.)
    Ballot-Box.net - free polls for webmasters
    FormLog.com - free form processor

  2. #2
    ********* Wizard silver trophy Cam's Avatar
    Join Date
    Aug 2002
    Location
    Burpengary, Australia
    Posts
    4,495
    Mentioned
    0 Post(s)
    Tagged
    1 Thread(s)
    The most secure way to do this is not to do it at all

    If the user has lost their password, give them a link to a script which once passed their user id, will generate a new random password, email it to them, hash it then store in the DB.

  3. #3
    SitePoint Guru DeNasio's Avatar
    Join Date
    May 2001
    Posts
    830
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by DJ P@CkMaN
    The most secure way to do this is not to do it at all [img]images/smilies/wink.gif[/img]

    If the user has lost their password, give them a link to a script which once passed their user id, will generate a new random password, email it to them, hash it then store in the DB.
    No, I don't think it's a good idea to do this. I've had this discussion here before.

    Since the member lost his password, the only way that he can identify his self by entering his userid. That's the only input necessary. But that means that any one can change the password of someone else by entering an userid in your script. Innocent members will get their password changed without nowing why.

    If the SitePoint forums was like this, then I can change your password by entering userid "DJ P@CkMaN" in the script and you will receive a new password by e-mail.

    No, the best method is the encrypt and decrypt method.
    Ballot-Box.net - free polls for webmasters
    FormLog.com - free form processor

  4. #4
    ********* Wizard silver trophy Cam's Avatar
    Join Date
    Aug 2002
    Location
    Burpengary, Australia
    Posts
    4,495
    Mentioned
    0 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by DeNasio
    No, the best method is the encrypt and decrypt method.
    I think you'll find that most members of this forum disagree with that. If it was true, then why do huge systems such as phpBB, vBulletin and ezPublish use a one-way hash system like MD5 rather than a encrypt/decrypt method?

    If you really must know, then base64_encrypt and base64_decrypt is probably the only default functions in PHP which do this.

    Quote Originally Posted by DeNasio
    If the SitePoint forums was like this, then I can change your password by entering userid "DJ P@CkMaN" in the script and you will receive a new password by e-mail.
    Ummm, that's exactly what this page does

  5. #5
    SitePoint Zealot DaisyChain's Avatar
    Join Date
    Aug 2002
    Location
    Manchester, England
    Posts
    149
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I'd be interested to know the answer to this too. I currently run a site where the users password is encrypted using the crypt function. This works well for security purposes but it means if the user forgets their password they must contact me, I delete their user in the database and then they must register again. Not ideal with a large number of users :-(

  6. #6
    ********* Wizard silver trophy Cam's Avatar
    Join Date
    Aug 2002
    Location
    Burpengary, Australia
    Posts
    4,495
    Mentioned
    0 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by DaisyChain
    I'd be interested to know the answer to this too. I currently run a site where the users password is encrypted using the crypt function. This works well for security purposes but it means if the user forgets their password they must contact me, I delete their user in the database and then they must register again. Not ideal with a large number of users :-(
    Well, I believe CRYPT is a one-way hash so you're stuck

    But that is not the most secure way to do it!

  7. #7
    SitePoint Guru
    Join Date
    Jan 2001
    Location
    Alkmaar, Netherlands
    Posts
    710
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I am with DJ about this subject. 2 way encyption is not a safe method. I sleep better when I use one way strong encrytion. Because I do not have a way to retrieve their password even for myself.

    When they forget their password ask for their birthday or favorite pet.... and create a random password and send it to them.
    Last edited by sylow; Aug 7, 2003 at 02:47.

  8. #8
    SitePoint Wizard silver trophy Karl's Avatar
    Join Date
    Jul 1999
    Location
    Derbyshire, UK
    Posts
    4,411
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Nearly all user auth systems these days store the hash of the password, and not the password encrypted in a way that can be retrieved. As for vBulletin, I think you'll find that if you forget your password for vBulletin it will send you a new random one and not your existing password.
    Karl Austin :: Profile :: KDA Web Services Ltd.
    Business Web Hosting :: Managed Dedicated Hosting
    Call 0800 542 9764 today and ask how we can help your business grow.

  9. #9
    SitePoint Guru DeNasio's Avatar
    Join Date
    May 2001
    Posts
    830
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by sylow
    When they forget their password ask for their birthday or favorite pet.... and create a random password and send it to them.
    That's just it, I only register their e-mail address and password. Users do not like to fill in too many field (birthdate, favorite pet, etc.) in the sign up proces. My experience is that many leave these fields empty, or fill in garbage.

    I think that a system that can retrieve your original password is far more userfriendly than a system that changes your password every time you loose it!
    Ballot-Box.net - free polls for webmasters
    FormLog.com - free form processor

  10. #10
    ********* Wizard silver trophy Cam's Avatar
    Join Date
    Aug 2002
    Location
    Burpengary, Australia
    Posts
    4,495
    Mentioned
    0 Post(s)
    Tagged
    1 Thread(s)
    Yeah, sure. User friendly, just not secure! You decide whether you want your visitors passwords to be secure or you want to make it easier for them, I just know there's no chance I'll be signing up at your site!

    What you do is make the fields required, so they can't leave them blank, but if they still fill in garbage, so what? When they lose their password and ask for it back say, sorry, you stuffed up by being an idiot, re-sign up!

  11. #11
    La la la la la bronze trophy lieut_data's Avatar
    Join Date
    Jun 2003
    Location
    Waterloo, ON
    Posts
    1,517
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by DeNasio
    That's just it, I only register their e-mail address and password. Users do not like to fill in too many field (birthdate, favorite pet, etc.) in the sign up proces. My experience is that many leave these fields empty, or fill in garbage.

    I think that a system that can retrieve your original password is far more userfriendly than a system that changes your password every time you loose it!
    Then why bother encrypting the passwords at all?

    If the passwords are stored as plain text, they can be hacked.
    If the passwords can be decrypted, the hacker has just one extra step to run, then they can be hacked.

    The safest, and most convenient method for both the customer and the programmer, is the system most widely used today (The email address / new password verification, mentioned above). Otherwise, you risk having stolen accounts, by which people can masquerade as another (It's not hard to send an realistic email from whatever address you want, asking to have the password changed)
    My name is Steve, and I'm a super-villian.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •