An in-depth analysis of PHP data encryption methods

mysql>CREATE TABLE members (
->username CHAR(14) NOT NULL,
->password CHAR(32) NOT NULL,
->PRIMARY KEY(username)
->);

Then, we assume that the following data is already stored in the table:

$enteredPassword.
$salt = substr($enteredPassword, 0, 2);
$userPswd = crypt($enteredPassword, $salt);
// $userPswd is then stored in MySQL together with the username In

I will be using Apache's password-response authentication configuration to prompt the user for their username and password. A little known fact about PHP is that it can pass the Apache password-response system input to the user. The name and password are identified as $PHP_AUTH_USER and $PHP_AUTH_PW, which I will use in the authentication script. Take some time to read the script below carefully and pay more attention to the explanations to better understand the following code: Application of crypt() and Apache's password-response verification system

$host = "localhost";
$user = "zorro";
$pswd = "hell odolly";
$db = "users";
// Set authorization to False
$authorization = 0 ;
// Verify that user has entered username and password
if (isset($PHP_AUTH_USER) &&isset($PHP_AUTH_PW)) :
mysql_pconnect($host, $user, $pswd) or die("Can't connect to MySQL
 server!");
mysql_select_db($db) or die("Can't select database!");
// Perform the encryption
$salt = substr($PHP_AUTH_PW, 0, 2);
$encrypted_pswd = crypt( $PHP_AUTH_PW, $salt);
// Build the query
$query = "SELECT username FROM members WHERE
username = '$PHP_AUTH_USER' AND
password = '$encrypted_pswd'";
// Execute the query
if (mysql_numrows (mysql_query($query)) == 1) :
$authorization = 1;
endif;
endif;
// confirm authorization
if (! $authorization) :
header('WWW-Authenticate: Basic realm="Private "');
header('HTTP/1.0 401 Unauthorized');
print "You are unauthorized to enter this area.";
exit;
else :
print "This is the secret data!";
endif;
 >

The above is a simple authentication system to verify user access rights. When using crypt() to protect important confidential information, remember that crypt() used by default is not the most secure and can only be used in systems with lower security requirements. If higher security is required Performance requires the algorithm I introduce later in this article. Next I will introduce another function supported by PHP━━md5(). This function uses the MD5 hash algorithm. It has several interesting uses worth mentioning:

Mixed A hash function transforms a variable-length message into a fixed-length hashed output, also known as a "message digest". This is useful because a fixed-length string can be used to check file integrity and verify digital signatures and user authentication. As it is suitable for PHP, PHP's built-in md5() hash function will convert a variable-length message into a 128-bit (32-character) message digest. An interesting feature of mixed encoding is that the original plain code cannot be obtained by analyzing the mixed information, because the mixed result has no dependence on the original plain code content. Even changing only one character in a string will cause the MD5 hybrid algorithm to calculate two completely different results. Let’s first look at the contents of the following table and its corresponding results: Use md5() to mix strings

$msg = "This is some message that I just wrote";
$enc_msg = md5($msg);
print "hash: $enc_msg ";
>

Results: hash: 81ea092649ca32b5ba375e81d8f4972c Note that the result is 32 characters long. Take a look at the following table again, where the value of $msg has changed slightly: Use md5() to shuffle a slightly changed string

//Note that there is one s missing in the message
$msg = "This is some message that I just wrote";
$enc_msg = md5($msg);
print "hash2: $enc_msg
" ;
>

Results: hash2: e86cf511bd5490d46d5cd61738c82c0c It can be found that although the length of both results is 32 characters, a small change in the plaintext causes a big change in the result. Therefore, the hashing and md5() functions are a good way to check small changes in the data. Tool of. Although crypt() and md5() have their uses, both are subject to certain limitations in functionality. In the following sections, we will introduce two very useful PHP extensions called Mcrypt and Mhash, which will greatly expand the encryption options for PHP users. Although we have explained the importance of one-way encryption in the above section, sometimes we may need to restore the password data to the original data after encryption. Fortunately, PHP provides this in the form of the Mcrypt extension library possibility. Mcrypt Mcrypt 2.5.7 Unix | Win32 Mcrypt 2.4.7 is a powerful encryption algorithm extension library, which includes 22 algorithms, including the following algorithms: Blowfish RC2 Safer-sk64 xtea Cast-256 RC4 Safer-sk128 DES RC4-iv Serpent Enigma Rijndael-128 Threeway Gost Rijndael-192 TripleDES LOKI97 Rijndael-256 Twofish PanamaSaferplus Wake 1 2 Next Page Last Page