Zend - The PHP Company





Extra Secure MD5 Hashing  

Type: code fragment
Added by: xdrdre
Entered: 25/03/2006
Last modified: 03/12/2005
Prepends a 100+ character string (the length is up to the user after editing the key) to the password and base64-encodes the result, giving us LOTS of nice random letters, random case and various other characters. With the default key it is over 150 characters long once base64-encoded. That is then turned into a 32-character MD5 hash. Why is this good? Well, if someone happens to steal the hash in some way, it would take a supercomputer to break that 150+ character password full of random-case letters and more.


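<?php
// Hashes a password with a fixed, site-wide key prepended to it.
function EncryptedPassword($pass) {
    // Secret key; the same value is used for every account.
    $passwordkey = 'super.long.secret.password.key.that.will.take.forever.to.brute.force.the.md5.hash.so.anyone.trying.should.just.give.up-';
    // Key + password, base64-encoded, then reduced to a 32-character MD5 hex digest.
    return md5(base64_encode($passwordkey . $pass));
}
?>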


Usage Example


// $_POST['password'] is the submitted variable when registering.
$password = EncryptedPassword($_POST['password']);
// When registering:
$query = "INSERT INTO `table` SET `password`='$password' ...etc";


When logging in, say $_POST['login_pass'] is the submitted password and $databasepassword is the encrypted password stored in the DB:

// Strict comparison (!==) so two hex digests are never compared as numbers.
if (EncryptedPassword($_POST['login_pass']) !== $databasepassword) {
    echo "Failed to login";
} else {
    echo "Welcome!";
}

// Change the key to some super long phrase, but DO NOT CHANGE IT once you've registered an account with it; if you change the key, any accounts made with the old key will not work.
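
The register and login flow above, redone with PHP's built-in password_hash() and password_verify(), which give each password its own random salt and a tunable work factor; with the fixed key and md5() above, equal passwords always produce equal hashes and each guess is cheap to compute. This is an added example, not the original author's code: LEGACY_KEY, legacyHash(), hashPassword() and verifyAndUpgrade() are hypothetical names, the key is a placeholder, and PHP 5.6 or later is assumed. Rows that still hold a 32-character MD5 value are accepted and replaced on the next successful login.

```php
<?php
// Added example, not the original author's code. Assumes PHP 5.6+.
// Placeholder: use the key your existing hashes were created with.
const LEGACY_KEY = 'replace-with-the-key-used-for-existing-hashes';

// The page's scheme, kept only to recognise hashes that are already stored.
function legacyHash($pass) {
    return md5(base64_encode(LEGACY_KEY . $pass));
}

// New hashes: random per-password salt and a tunable work factor.
function hashPassword($pass) {
    return password_hash($pass, PASSWORD_DEFAULT);
}

// Returns array(bool $ok, string|null $replacement). When $replacement is
// not null, the caller should store it in place of $stored.
function verifyAndUpgrade($pass, $stored) {
    // 32 lowercase hex characters: the row still holds a legacy MD5 value.
    if (preg_match('/^[0-9a-f]{32}$/', $stored) === 1) {
        if (!hash_equals($stored, legacyHash($pass))) {
            return array(false, null);
        }
        return array(true, hashPassword($pass));
    }
    if (!password_verify($pass, $stored)) {
        return array(false, null);
    }
    // Re-hash when PASSWORD_DEFAULT or its cost has changed since storage.
    $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? hashPassword($pass)
        : null;
    return array(true, $new);
}

// Constructed sample data: a legacy row is verified and upgraded on login.
$legacyRow = legacyHash('correct horse');
list($ok, $upgraded) = verifyAndUpgrade('correct horse', $legacyRow);
var_dump($ok, $upgraded !== $legacyRow);

// The same password hashed twice under each scheme, compared for equality.
var_dump(legacyHash('a') === legacyHash('a'));
var_dump(hashPassword('a') === hashPassword('a'));

// A wrong password against the upgraded row.
list($ok2, $unused) = verifyAndUpgrade('wrong', $upgraded);
var_dump($ok2);
```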

