Hashing for cryption / decryption

rr1024

Hello All and thanks for taking a look at this,

Does anyone know of away we can add SALT to base64_encode(), I currently use
crypt("string", "mysecret_string"), however this is not decodable from what I have read. i.e. crypt is one way where as base64_encode() swings both ways with
base64_decode().

However, I don't see base64_encode() very useful because you can't make it site or function specific.

It seems if base64_encode() and base64_decode() were SALT cabable then they could be very useful for a lot of stuff.

You could do $myhash = base64_encode( "string", "mysecret_string") and of course get it back with base64_encode( $myhash, "mysecret_string")

So long as you never gave out your "mysecret_string" then no one else could really decode it and if they actually took the time to do it then you probably need a better encryption anyway... 🙂

Does anyone know of away or functions that could do this, also is there away to propose this to the PHP GODS if anyone thinks this is a good idea then maybe we could supply offerings to the gods...lol

I'm just proposing this for kind of low level cryption stuff that you could get back if you needed or wanted too....

laserlight

Use strong encryption, perhaps via [man]mcrypt[/man]. As far as I know, base64 encoding is not meant to be cryptographically secure.

So long as you never gave out your "mysecret_string" then no one else could really decode it and if they actually took the time to do it then you probably need a better encryption anyway...

Precisely.

rr1024

I do have another question

If your on a shared hosted server how do you know which encryptions are available.

Say I wanted to do something like

$key = "1234";

if ( SHA1 == 1)
     $password = sha1($mypassword);
elseif ( MD5 == 1 )
     $password = md5($mypassword);
elseif ( mcrypt_ecb == 1 )
     $password = mcrypt_ecb (MCRYPT_3DES, $key, $mypassword, MCRYPT_ENCRYPT);

I guess what I'm looking for are a list of constants defined in php.ini that are accessable via one's script that let you know what encryptions are on or off.

devinemke

[man]ini_get[/man]
[man]ini_get_all[/man]
[man]get_loaded_extensions[/man]
[man]extension_loaded[/man]

or simply inspect the output from [man]phpinfo[/man]

MarkR

base64_encode() is not a cryptographic cipher and will not protect anything from anyone. It should not be used in this context.

Mark

rr1024

point take on the base64 but I guess what I'm trying to say is it would nice to have a cypher a "weak" type where you can cypher and uncypher just for non critical things and something that would be harder to decode than base64_encode.

Like if there was something like

$salt = "myPassword";

Then do something like

$mypassword = crypt("memberPassword", $salt);
echo $mypassword;
Output would be crypted 8HGlfr(9ahebr whatever

$uncryptpassword = decrypt($mypassword, $salt);

echo $uncryptpassword;
Output would be memberPassword

I guess the salt would be a password or long string used to cypher the string and you couldn't uncypher the string without it.

Something like this would only be used for very low level things like passwords and email addresses.
There are always hacker that get into things like phpbb and their goal is usually to get all the members email address. So let say they find a hack into phpbb admin where the email address are displayed if all they are shown is the cyphered version and in order to view the actual email address they must supply the $salt via input box...

I'm just offer this as one possibe way of what this would/could be used for

Thanks for the functions I'll see if that helps this evening....