-3

What is the best way to encrypt a password in PHP? CodeIgniter's documentation says that passwords should be hashed using PHP's Password Hashing extension. Until now I have been encrypting passwords using CodeIgniter's encryption key. Any suggestions?

amit rawat
  • Passwords shouldn't be reversible so they should be hashed, not encrypted. – chris85 Sep 07 '17 at 05:11
  • Use this http://php.net/manual/en/function.password-hash.php to create password and this to verify it http://php.net/manual/en/function.password-verify.php – Mr. ED Sep 07 '17 at 06:09
  • Check [this](https://stackoverflow.com/questions/4795385/how-do-you-use-bcrypt-for-hashing-passwords-in-php?rq=1) answer. – Tpojka Sep 07 '17 at 14:41

2 Answers

5

Use this for password hashing:

```php
<?php
/**
 * We just want to hash our password using the current DEFAULT algorithm.
 * This is presently BCRYPT, and will produce a 60 character result.
 *
 * Beware that DEFAULT may change over time, so you would want to prepare
 * By allowing your storage to expand past 60 characters (255 would be good)
 */
echo password_hash("rasmuslerdorf", PASSWORD_DEFAULT)."\n";
?>
```

Use this for password hash verification:

```php
<?php
// See the password_hash() example to see where this came from.
$hash = '$2y$07$BCryptRequires22Chrcte/VlQH0piJtjXl.0t1XkA8pw9dMXTpOq';

if (password_verify('rasmuslerdorf', $hash)) {
    echo 'Password is valid!';
} else {
    echo 'Invalid password.';
}
?>
```
Swadesh Ranjan Dash
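The "DEFAULT may change over time" caveat in the answer above is handled at login with `password_needs_rehash()`. The following is an added example, not code from the answer; the in-memory `$users` array, the `register`/`login` function names and the cost of 12 are assumptions.

```php
<?php
declare(strict_types=1);

// Assumed target work factor; pick the highest your login latency budget allows.
const HASH_OPTIONS = ['cost' => 12];

// Constructed stand-in for a users table (the hash column should be VARCHAR(255)).
// The stored value is the cost-07 bcrypt hash quoted in the answer above.
$users = [
    'rasmus' => '$2y$07$BCryptRequires22Chrcte/VlQH0piJtjXl.0t1XkA8pw9dMXTpOq',
];

function register(array &$users, string $name, string $password): void
{
    // The salt is generated internally and stored inside the returned string,
    // together with the algorithm identifier and the cost.
    $users[$name] = password_hash($password, PASSWORD_DEFAULT, HASH_OPTIONS);
}

function login(array &$users, string $name, string $password): bool
{
    $stored = $users[$name] ?? null;
    if ($stored === null || !password_verify($password, $stored)) {
        return false;
    }
    // The plaintext is only available at login, so this is the moment to
    // upgrade hashes made with an older algorithm or a lower cost.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT, HASH_OPTIONS)) {
        $users[$name] = password_hash($password, PASSWORD_DEFAULT, HASH_OPTIONS);
    }
    return true;
}

// A failed login leaves the stored hash untouched.
var_dump(login($users, 'rasmus', 'wrong-password'));
var_dump(password_get_info($users['rasmus'])['options']);

// A successful login verifies against the old hash, then stores an upgraded one.
var_dump(login($users, 'rasmus', 'rasmuslerdorf'));
var_dump(password_get_info($users['rasmus'])['options']);

// New accounts get the current parameters from the start.
register($users, 'alice', 'correct horse battery staple');
var_dump(password_get_info($users['alice'])['options']);
```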
-4

You can also use the md5() function for password encryption and decryption.

Here is the example:

```php
$password = '123456789';
$encrypted_password = md5($password);
echo "Encrypted Password :".$encrypted_password;
```

Output:

```
Encrypted Password : 25f9e794323b453885f5181f1b624d0b
```

Now, to check whether the entered password is correct (for example, at login), get the stored md5 password from the database and check it this way:


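```php
// Stored MD5 value for this user, as fetched from the database
$password = '25f9e794323b453885f5181f1b624d0b';

$entered_password = '123456789';
$encrypted_password = md5($entered_password);

// Strict comparison: loose == treats "0e..." hex strings as equal numbers
if ($encrypted_password === $password) {
    echo "Success";
} else {
    echo "Fail";
}
```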
Naushil Jain
  • 1
    no no no no md5 is terrible. **Warning It is not recommended to use this function to secure passwords, due to the fast nature of this hashing algorithm. See the Password Hashing FAQ for details and best practices.** http://php.net/manual/en/function.md5.php –  Sep 07 '17 at 06:05