Encrypting data with PHP
Overview: PHP provides us with an interesting array of security-oriented functionality, In this article I'll introduce you to this functionality, providing you with a basis from which you can begin incorporating security enhancements into your own applications.
Using PHP we can easily accomplish One way encryption, In this article I will show you how PHP can be used to do One Way encryption. PHP provides us with built in functions to accomplish one way encryption, the most popular functions used for these are md5() and the crypt() function, In this article we would be using md5() to accomplish one way encryption.
Q:) Now you may ask What the heck does One way encryption mean?
A:) In the most simple terms it means, that the data that you encrypt cannot be decrypted back to itÝs original form! One-way encryption? What's the point?" you may say Well sometimes itÝs a good idea to be not able to decrypt stuff, I know you must be thinking that I have gone crazy, to explain my point I will give you a simple example.
Suppose you have a site where a password is needed to access a particular area of your site that is restricted, and you are storing this password info in a database or a file, currently you might be storing this password as a normal readable file, suppose tomorrow there is a security breach the person who gets access to your database/file can gets access to all the passwordsÍ.. not a pretty picture!
To explain you I will be using the md5() hash function, It converts any string supplied to it into a 128bit, 32 character string. The interesting thing about hashing is that it is impossible to decode a message by examining the hash, because the hashed result is in no way related to the content of the original plain text, to make it clear let me give you an example.
Now suppose that you had encrypted the password data using PHP md5() the hackers just gets password data something like ý648a19754f7803769c66f871bsdcd71aţ which doesnÝt make any sense to him and because it is a one-way encrypted it isn't going to do much good to a hacker because they can never be converted back to the original form.
Let assume our password is : mypass, now instead of storing this password directly we will create a hash of it using md5
$password = "mypass";
$encrypted_password = md5($password); //encrypting the password using md5()
echo "Un-encrypted Password: $password";
echo "Encrypted Password: $encrypted_password";
Click on the View Sample output and notice that the encrypted password for ýmypassţ is a029d0df84eb5549c641e04a9ef389e5 this (128-bit) 32 character string has been generated by the md5() function for mypass., What the md5() does is it generates a unique 32 character hexadecimal number for any string supplied to it.
You can pass any string to the md5() function and it will create a unique the 32 character hexadecimal number for that string.
Next: Real World example for md5()