Internet Marketing Company

How to Encrypt and Hash Passwords in Php

If you want to build a user-management system – or work on someone else’s – you should know a few basics about how passwords are encrypted or hashed. In other words, how are they made safe for storage?

What is a Hash?

Before a password is stored, it is typically converted into a “hash.” This isn’t technically a form of encryption, because it is a one way process. Once a password has been hashed… there’s no going back.

For example, if I hash the phrase “Bananas,” I might get back this garbled mess of characters – “1ee31b77d0697c36914b99d1428f7f32.”

The reason we do this is so that someone who views the database – a hacker or maybe a dishonest systems adminstrator – can’t figure out your password. He or she will see the hash and have no idea what the password is.

The script that checks your password when you log in knows how the hash was created – so it can recreate that hash if you give it the same password. The hash it creates based on your input can then be checked against the one in the database to see if you entered the real password.

Ok, How Do We Create a Hash?

There are two major functions for creating hashes in php – md5() and crypt().

md5 is the simpler function, so we’ll start there. You simply call the function like so…

md5(”Password String”);

This returns the encrypted hash. If you called md5(”Bananas”), you would always get “1ee31b77d0697c36914b99d1428f7f32″ back as a result. You would then store that phrase in the database to check the password in the future.

Crypt is a bit more complicated. With md5, you always get the same result. With crypt, you can use different encryption keys or “salts” to get different results. You can encrypt something with crypt like this…

crypt(”Password String”);

or

crypt(”Password String”, “Salt”);

If you do not provide a salt or encryption key, them PHP creates one for you. This changes the way the word is hashed. So if you called crypt(”Bananas”) twice, you would get two different results. Here’s some extra reading on how to use crypt to hash and encrypt a password in PHP.

So Which is Better?

That’s debateable. In most cases, crypt uses the same hashing algorithm that md5 does. Neither is necessarily “stronger” than the other.

The one advantage that crypt does has is that it can a different encryption key or salt each time. The same password can have a different hash if it is created with a different salt.

Therefore it is near impossible to create a dictionary of known hashes. With md5, this can be done easily – because each password phrase has only one possible hash value.

A dictionary like this would make a hacking attempt much easier than if the computer had to physically hash and check each possible phrase. Here’s some more reading on the difference between md5 and crypt.

Good luck hashing, and remember – the best way to learn php is to try new things. So go practice.

How to Encrypt and Hash Passwords in Php / Brian Rock

PHP Tutorials, Web Design Guides, and Money Making Tips.
Latest PHP Tutorials.
Security Related Articles.

Ftp by Pat L

Defining FTP
File Transfer Protocol – FTP, is a standard internet protocol. It is the simplest way to transfer files between two computers. Using FTP gives you the ability to gain access to files on another computer. Not only can FTP be used for uploading data, but for downloading it as well. FTP is the method you will use to transfer web site files from your computer to the computer that hosts your site.

Types of FTP programs
The two types of FTP programs are client and server. You will be using the client software. Since there are so many FTP client programs available, you will need to choose the one that best suits your needs and skill level. The two types of these programs are command line and graphical interface. For beginners, the graphical type seems to be the easiest to work with. The interfaces of graphical programs vary, but the required information is almost always the same. Here is a list of some popular FTP client programs: CuteFTP, Filezilla and SmartFTP for windows along with Fetch for Mac systems. No matter what you choose, just make sure to get a program that makes it easy for you upload, download and rename your files.

Transferring you files
To upload or download a file using your FTP client software, you will need to take some time to learn how to use it. Each FTP program is different, so read the FAQ page or instructions first. Your first step is to setup your FTP software to access your host computer. Do this by entering the FTP host address that was provided by the hosting service you chose. The software will require you to enter your user ID and password. There should be two options for a file type transfer. One will be ASCII and the other is binary. ASCII is used when transferring HTML files and binary is for graphics files. Some of the newer programs offer an auto detect option which is very useful if you are new to transferring files. The rest of the information is usually set up by default and doesn’t need to be changed. In a rare occurrence, your host will indicate any other information changes needed will be provided by your webhost. Because each client program operates differently, it is hard to give all the exact steps required, but for the most part they are all relatively the same.

Steps to take before you upload your website
Here are some important elements to look over before uploading your files to your server. It is vitally important to carefully proof read your pages. Most software has a built in spell checker, but even though a word is spelled correctly, it can still be used in the wrong tense or context. Once you have proof read your content, have someone else do the same thing. Another set of eyes can find errors that you have overlooked and can also give input on potential changes that might need to be made. If there are any errors, making the changes prior to uploading them is better than having a visitor send you feedback about needed corrections.

Ftp / Pat L.

Pat L. started out as a novice creating a few niche sites and during that process gained huge amounts of knowledge in the website development process. You can visit http://www.abundantarticles.com for more information about developing and creating a website.

Tools for Website Construction

Construction tools
Whenever something is built, the proper tools are needed to accomplish that task. Starting out, you will need a computer, monitor, printer, a connection to the internet and software. Since the first four are most likely already in place, we will go over choosing software. There are many ways to obtain software necessary for you to make your website. There are freeware programs available that can get you up and running with a few clicks of your mouse. These programs offer no warranty but some of the more popular ones provide a large amount of support in the form of forums and FAQ pages. Another way to get software is to use a trial version. This type of software gives you the ability to use it for either a specified amount of time, with limited features or possibly both. Either way, trial versions can help you decide whether or not to actually purchase a full version based on your opinions from previewing it. The final way is to purchase a fully licensed copy with warranty, instructions and full support if there are any issues.

Editor software
There are ways to design the pages in your website. One is with a What You See Is What You Get (WYSIWYG) editor and the other is with a text editor. WYSIWYG editors provide users the ability to see how their pages will look as they are being created. These editors also give you the ability to type in code as well with a built in text editor. In the commercial market, Adobe has Dreamweaver and Microsoft has Expression. Each offers a trial version with the option to buy but just as with the graphics software, you might be on a budget. Kompozer is a free WYSIWYG editor that has many features available to beginners as well as professionals.

Graphics software
In order for your website to have images on them, you are going to need some form of graphics software. Adobe seems to have the biggest hand in the commercial market with products like Adobe Photoshop, Adobe Illustrator and Adobe Photoshop Elements. Since most people just starting out are on a tight budget, and by tight budget I mean no money to invest, then getting some of the free software available will be something to look into. Gimp is one such software, which is fairly easy to learn. There are many tutorials that are linked to the Gimp download site. Photo and graphics editors come in many types from the most basic to high-end software capable of making any modifications you could think of. No matter which path you choose, make sure the software can not only edit and create the images you want, but also save them in a format that is web friendly. When designing your website, image optimization is a must. The amount of bandwidth available to visitors varies. Your first step towards the optimization process is to use the proper format. Choosing the correct format alone can cut your file size in half or even more. These include: GIF, JPEG and BMP. Once that is done, simply manipulating a few settings should reduce the file size without losing any or much of the images original integrity.

Tools for Website Construction / Pat L.

Pat L. started out as a novice creating a few niche sites and during that process gained huge amounts of knowledge in the website development process. You can visit http://www.abundantarticles.com for more information about developing and creating a website.