CodeIgniter password encryption and verification
I am using CodeIgniter and creating a section of a site where users should be registered. I read about storing passwords as MD5 hashes and encrypted strings with salts, but I don't see anything about decrypting.
Is it effective / safe to encrypt password attempts the same way they were encrypted when they were saved for validation?
Is this the recommended way to store passwords in a PHP application or when using the CodeIgniter framework?
There are already auth libraries ready to go (out of the box, you could say); here is a link to another question similar to this one:
http://www.stackoverflow.com/questions/346980/how-should-i-choose-an-authentication-library-for-codeigniter
note: I like Tank Auth labeled groups ".
CodeIgniter uses a library called "Tank Auth": http://konyukhov.com/soft/tank_auth/ It includes the "PasswordHash.php" class: http://bit.ly/1gahwtT
Sample code:
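    <?php
    // phpass class shipped with Tank Auth
    require "PasswordHash.php";

    define("phpass_hash_portable", TRUE); // use phpass portable hashes
    define("phpass_hash_strength", 8);    // log2 of the iteration count

    $hasher = new PasswordHash(phpass_hash_strength, phpass_hash_portable);

    // $password_to_check: the plain-text attempt submitted by the user
    // $original_encoded_password: the hash stored when the user registered
    if ($hasher->CheckPassword($password_to_check, $original_encoded_password)) {
        echo "password correct";
    } else {
        echo "password incorrect";
    }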
The two comments on your answers show links to good answers; to add more: if you are just into hashing, you can also use crypt. Note that crypt is different from mcrypt, which tricked me once. An example of crypt can be found in the laravel3 Hash class. Or you can also use phpass, a library that uses OpenBSD-style, Blowfish-based bcrypt.
Addition, thanks to cryptic: ircmaxell has a hashing library as well, here.
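The crypt() approach mentioned in the answer above, as an added example that is not part of the original answers: it hashes a password with bcrypt at registration and checks a login attempt by re-hashing it with the parameters embedded in the stored hash, which is why nothing ever needs to be decrypted. It assumes PHP 7 or later; the function names `make_hash` and `check_password`, the cost of 10 and the sample passwords are constructed for illustration.

```php
<?php
// Added example; make_hash() and check_password() are hypothetical helper names.

// Hash a new password with bcrypt via crypt(). A fresh random salt is
// generated per password, so two users with the same password get
// different stored hashes.
function make_hash(string $password, int $cost = 10): string
{
    // 16 random bytes -> 22 characters in bcrypt's ./A-Za-z0-9 alphabet
    $salt = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
    $hash = crypt($password, sprintf('$2y$%02d$%s', $cost, $salt));

    // On failure crypt() returns a short marker string instead of a hash.
    if (strlen($hash) !== 60) {
        throw new RuntimeException('bcrypt hashing failed');
    }
    return $hash;
}

// Verify a login attempt. The stored hash carries its own algorithm
// identifier, cost and salt, so passing it as the second argument makes
// crypt() hash the attempt exactly the way the original was hashed.
function check_password(string $attempt, string $stored): bool
{
    if (strlen($stored) !== 60) {
        return false; // not a bcrypt hash; refuse rather than compare
    }
    $candidate = crypt($attempt, $stored);

    // Constant-time comparison avoids leaking how many characters matched.
    return hash_equals($stored, $candidate);
}

// Constructed sample values, for demonstration only.
$stored = make_hash('correct horse battery staple');

echo "stored hash:      ", $stored, PHP_EOL;
echo "right password:   ", var_export(check_password('correct horse battery staple', $stored), true), PHP_EOL;
echo "wrong password:   ", var_export(check_password('wrong guess', $stored), true), PHP_EOL;
echo "same input twice: ", var_export(make_hash('abc') === make_hash('abc'), true), PHP_EOL;
```

Only the value returned by `make_hash` is written to the users table; the salt does not need a column of its own because it is part of that string.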
Passwords are stored in hashed format because in most cases there is no need to recover them from the original string. The md5 function generates a unique 32-letter string that can be verified by comparing two hashes. To answer your question:
Yes, this is the standard way to store passwords.
MD5 is no longer secure, which is why most people start using php hash with the "sha512" algorithm and salt of course.