0 php security encryption mcrypt
我已经登录并注册了页面.但是我的密码还没有加密.人们告诉我这是一个坏主意,我应该加密他们.所以我一直在搜索如何加密和解密我的密码.我找到了一个关于如何加密我的密码的例子,但我不知道如何为我的登录页面再次解密它.这是我的加密代码:
$key = "some random security key";
$input = $password;
$td = mcrypt_module_open('tripledes', '', 'ecb', '');
$iv = mcrypt_create_iv (mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
mcrypt_generic_init($td, $key, $iv);
$password = mcrypt_generic($td, $input);
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
所以我的问题是:有人能告诉我需要解密我从上面的代码中得到的字符串的代码.
你可以加密和解密这样的东西:
//this is some config for a good security level of mcrypt
define('SAFETY_CIPHER', MCRYPT_RIJNDAEL_256);
define('SAFETY_MODE', MCRYPT_MODE_CFB);
//this has to be defined somewhere in the application.
define('APPLICATION_WIDE_PASSPHRASE', 'put-something-secure-here');
define('ENCRYPTION_DIVIDER_TOKEN', '$$');
//some "example" data as if provided by the user
$password = 'this-is-your-data-you-need-to-encrypt';
//this key is then cut to the maximum key length
$key = substr(md5(APPLICATION_WIDE_PASSPHRASE), 0, mcrypt_get_key_size(SAFETY_CIPHER, SAFETY_MODE));
//this is needed to initialize the mcrypt algorythm
$initVector = mcrypt_create_iv(mcrypt_get_iv_size(SAFETY_CIPHER, SAFETY_MODE), MCRYPT_RAND);
//encrypt the password
$encrypted = mcrypt_encrypt(SAFETY_CIPHER, $key, $password, SAFETY_MODE, $initVector);
//show it (store it in db in this form
echo base64_encode($initVector) . ENCRYPTION_DIVIDER_TOKEN . base64_encode($encrypted) . '<br/>';
//decrypt an show it again
echo mcrypt_decrypt(SAFETY_CIPHER, $key, $encrypted, SAFETY_MODE, $initVector) . '<br/>';
但如前所述,密码不应从其散列表示中恢复,因此不要对密码执行此操作!