<p><em><strong>How do I encrypt and decrypt a password in PHP?</strong></em> By implementing one of many encryption algorithms (or using one of many libraries).</p>
<p><em><strong>What is the safest algorithm to encrypt the passwords with?</strong></em> There are tons of different algorithms, none of which are 100% secure. But many of them are secure enough for commerce and even military purposes.</p>
<p><em><strong>Where do I store the private key?</strong></em> If you have decided to implement a public-key cryptography algorithm (e.g. RSA), you don't store the private key. The user has the private key. Your system has the public key, which could be stored anywhere you wish.</p>
<p><em><strong>Instead of storing the private key, is it a good idea to require users to enter the private key any time they need a password decrypted? (Users of this application can be trusted)</strong></em> Well, if your user can remember ridiculously long prime numbers then yes, why not. But generally you would need to come up with a system which will allow users to store their key somewhere.</p>
<p><em><strong>In what ways can the password be stolen and decrypted? What do I need to be aware of?</strong></em> This depends on the algorithm used. However, always make sure that you don't send the password unencrypted to or from the user. Either encrypt/decrypt it on the client side, or use HTTPS (or use other cryptographic means to secure the connection between server and client).</p>
<p>However, if all you need is to store passwords in an encrypted way, I would suggest you use a simple XOR cipher. The main problem with this algorithm is that it could be easily broken by frequency analysis. However, as passwords are generally not made from long paragraphs of English text, I don't think you should worry about it. The second problem with the XOR cipher is that if you have a message in both encrypted and decrypted form, you could easily find out the password with which it was encrypted. Again, not a big problem in your case, as it only affects the user who was already compromised by other means.</p>
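<p>The second XOR property the answer mentions (a message held in both encrypted and decrypted form gives up the key), as an added example that is not part of the original answer. It shows what that means when one key protects several stored records, next to an authenticated cipher for contrast; all names, keys and passwords are constructed, and the contrast assumes PHP's sodium extension is available.</p>

```php
<?php
// Added example; every name, key and password below is constructed.

// Repeating-key XOR: the same call encrypts and decrypts.
function xor_cipher(string $data, string $key): string
{
    $out = '';
    $klen = strlen($key);
    for ($i = 0, $n = strlen($data); $i < $n; $i++) {
        $out .= $data[$i] ^ $key[$i % $klen];
    }
    return $out;
}

$appKey = 'k3y!';                       // constructed application-wide key
$stored = [
    'alice' => xor_cipher('correct horse battery', $appKey),
    'bob'   => xor_cipher('hunter2-hunter2', $appKey),
];

// plaintext XOR ciphertext = key stream. One known pair (alice's) is enough.
$keystream = 'correct horse battery' ^ $stored['alice'];

// The stream is the key repeated, so it opens every other record of equal or
// shorter length, not only the record it was derived from.
$bobPlain = $stored['bob'] ^ $keystream;

echo 'key recovered: ', var_export(substr($keystream, 0, strlen($appKey)) === $appKey, true), "\n";
echo 'bob decrypted: ', var_export($bobPlain === 'hunter2-hunter2', true), "\n";

// Contrast (assumes the sodium extension, bundled since PHP 7.2): authenticated
// encryption with a fresh random nonce stored in front of each record.
if (function_exists('sodium_crypto_secretbox')) {
    $boxKey = sodium_crypto_secretbox_keygen();
    $nonce  = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $record = $nonce . sodium_crypto_secretbox('hunter2-hunter2', $nonce, $boxKey);

    // Flip one bit of the stored record to show that modification is detected.
    $tampered = $record;
    $tampered[strlen($tampered) - 1] = $tampered[strlen($tampered) - 1] ^ "\x01";
    $open = fn(string $r) => sodium_crypto_secretbox_open(
        substr($r, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES),
        substr($r, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES),
        $boxKey
    );
    echo 'secretbox round trip: ', var_export($open($record) === 'hunter2-hunter2', true), "\n";
    echo 'tampered record rejected: ', var_export($open($tampered) === false, true), "\n";
}
```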
 
