使用 mcrypt、PHP 和 MySQL 进行加密

发布于 2024-11-02 18:38:54 字数 958 浏览 4 评论 0原文

我正在尝试使用 mcrypt 在我的数据库中存储密码。首先,它确实有效,但只是在某些时候有效。

这是我的加密代码:

    //Encryption/Decryption key
    $key = $username.$username.$username.$username.$username;
    //Encryption Algorithm
    $cipher_alg = MCRYPT_RIJNDAEL_256;

    $iv = mcrypt_create_iv(mcrypt_get_iv_size($cipher_alg, MCRYPT_MODE_ECB), MCRYPT_RAND);
    $password = mcrypt_encrypt($cipher_alg, $key, $pass1, MCRYPT_MODE_CBC, $iv);

然后将 $username、$iv 和 $password 上传到 MySQL 数据库。

这是我的解密代码:

    //Encryption/Decryption key
    $key = $username.$username.$username.$username.$username;

    //Encryption Algorithm
    $cipher_alg = MCRYPT_RIJNDAEL_256;

    $dbpass = mcrypt_decrypt($cipher_alg, $key, $encpass, MCRYPT_MODE_CBC, $random);
    $dbpass = trim($dbpass); // Trim the fat

从数据库中检索 $username、$iv 和 $encpass(加密密码),并使用用户名重新创建密钥。

这有效,但只是有时有效。我不明白为什么。我唯一的假设是数据库无法接受加密产生的某些字符,例如引号。

任何帮助将不胜感激!

I am trying to use mcrypt to store a password on my database. First of all, it WORKS, but only some of the time.

Here is my encryption code:

    //Encryption/Decryption key
    $key = $username.$username.$username.$username.$username;
    //Encryption Algorithm
    $cipher_alg = MCRYPT_RIJNDAEL_256;

    $iv = mcrypt_create_iv(mcrypt_get_iv_size($cipher_alg, MCRYPT_MODE_ECB), MCRYPT_RAND);
    $password = mcrypt_encrypt($cipher_alg, $key, $pass1, MCRYPT_MODE_CBC, $iv);

This then uploads the $username, the $iv and the $password to the MySQL database.

Here is my decryption code:

    //Encryption/Decryption key
    $key = $username.$username.$username.$username.$username;

    //Encryption Algorithm
    $cipher_alg = MCRYPT_RIJNDAEL_256;

    $dbpass = mcrypt_decrypt($cipher_alg, $key, $encpass, MCRYPT_MODE_CBC, $random);
    $dbpass = trim($dbpass); // Trim the fat

The $username, $iv, and $encpass(encrypted password) are retrieved from the database and the key is recreated using the username.

This WORKS but only sometimes. I can't figure out why. My only assumption is that the database can't accept some of characters the encryption produces such as quotations.

Any help would be greatly appreciated!

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(4

陌伤浅笑 2024-11-09 18:38:54
$salt = time(); // I would use something other than time(), something more random

// store it in the db and redirect user
connect();
$query = mysql_query("INSERT INTO user VALUES
                      ('".mysql_real_escape_string($username)."',
                       '".mysql_real_escape_string(sha1($password . $salt))."',
                       '".mysql_real_escape_string($salt)."') ");

// returning user
$username = $_POST['username'];
$password = $_POST['password'];

// retrieve stored password
connect();
$result = mysql_query("SELECT * FROM user WHERE username = '".mysql_real_escape_string($username)."' ");
$row = mysql_fetch_assoc($result);
if (!$result) {
// user doesn't exist
}
$storedPassword = $row['password'];
$salt = $row['salt'];

$hashedPassword = sha1($password . $salt);

if ($storedPassword != $hashedPassword) {
// exit
}
else {
// redirect user
}

我并不是说这是最安全的,它只是用盐进行单向散列的一个小例子。

$salt = time(); // I would use something other than time(), something more random

// store it in the db and redirect user
connect();
$query = mysql_query("INSERT INTO user VALUES
                      ('".mysql_real_escape_string($username)."',
                       '".mysql_real_escape_string(sha1($password . $salt))."',
                       '".mysql_real_escape_string($salt)."') ");

// returning user
$username = $_POST['username'];
$password = $_POST['password'];

// retrieve stored password
connect();
$result = mysql_query("SELECT * FROM user WHERE username = '".mysql_real_escape_string($username)."' ");
$row = mysql_fetch_assoc($result);
if (!$result) {
// user doesn't exist
}
$storedPassword = $row['password'];
$salt = $row['salt'];

$hashedPassword = sha1($password . $salt);

if ($storedPassword != $hashedPassword) {
// exit
}
else {
// redirect user
}

I'm not claiming this is the most secure, it is simply just a small example of one way hashing with a salt.

自此以后,行同陌路 2024-11-09 18:38:54

您可以尝试下面的代码进行两种方式的加密。您可以根据您的要求添加盐和密码。

$key = 'ecryptionkey';
$string = 'password';

$encrypted = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($key), $string, MCRYPT_MODE_CBC, md5(md5($key))));   
$decrypted = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($key), base64_decode($encrypted), MCRYPT_MODE_CBC, md5(md5($key))), "\0");

var_dump($encrypted);
var_dump($decrypted);

我从下面的 URL 获取了此代码,并在我的应用程序中使用它。

https://stackoverflow.com/a/9262137/1724762

You can try below code for 2 way encryption. You may add salt with password as per your requirement.

$key = 'ecryptionkey';
$string = 'password';

$encrypted = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($key), $string, MCRYPT_MODE_CBC, md5(md5($key))));   
$decrypted = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($key), base64_decode($encrypted), MCRYPT_MODE_CBC, md5(md5($key))), "\0");

var_dump($encrypted);
var_dump($decrypted);

I got this code from below URL and I'm using it in my application.

https://stackoverflow.com/a/9262137/1724762

深府石板幽径 2024-11-09 18:38:54

如果您将用户的密码存储在数据库中,则应该使用单向散列

这只是一个非常简单的示例,

$username = $_POST['username'];
$password = $_POST['password'];
$salt     = 'Some Salt';

$result = mysql_query("SELECT username, password
                       WHERE username = '".mysql_real_escape_string($username)."'
                       AND   password = '".mysql_real_escape_string(sha1($password . $salt))."'
                       LIMIT 1");

if(mysql_num_rows($result)) {
// we have a match
}
else {
// no match
}

在我的示例中,您必须使用 sha1 插入带有附加盐的用户密码。请记住,这只是在数据库中存储用户密码的建议。

If you are storing a user's password in the database, you should be using one-way hashing

Here is just a very minimalist example

$username = $_POST['username'];
$password = $_POST['password'];
$salt     = 'Some Salt';

$result = mysql_query("SELECT username, password
                       WHERE username = '".mysql_real_escape_string($username)."'
                       AND   password = '".mysql_real_escape_string(sha1($password . $salt))."'
                       LIMIT 1");

if(mysql_num_rows($result)) {
// we have a match
}
else {
// no match
}

You would have to be inserting user passwords with an appended salt using sha1 in my example. Keep in mind, this is just a suggestion for storing user passwords in the database.

长途伴 2024-11-09 18:38:54

同意对于您的特定用例(存储用户密码),单向哈希是最好的。

但对于确实需要使用 mcrypt 以及 PHP 和 MySQL 的人,请参阅 MySql 将二进制数据插入数据库没有错误。一个简单的选择是 base64_encode/base64_decode -- 这是一个示例

Agreed that for your particular use case (storing users' passwords), a one-way hash would be best.

But for people who really do need to use mcrypt and PHP and MySQL, see the various options in MySql insert binary data to db without errors. One easy option is base64_encode/base64_decode -- here's an example.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文