I'd like to recommend that you not store passwords in a form that can
be decrypted.  If it can be decrypted, then in theory it can be
decrypted by someone who should not have access.

It's better to store passwords using a one-way digest algorithm, so that
the original string can never be retrieved.  For example, MD5 or
SHA-256.

  $stmt = $db->prepare('INSERT INTO accounts (account_name, password)
                        VALUES (?, ?)');
  // hash() returns the digest as hex text, which is safe to store in
  // a VARCHAR column (mhash() would return raw bytes)
  $stmt->execute(array('rohitsing', hash('sha256', 'secret')));

Then when you need to validate a user's login input, apply the same
one-way digest algorithm, and compare the result to the hash string
stored in the database.  If the user's input matched the original
password, the two digest strings should be equal.

  // Zend_Db's fetchOne() returns the first column of the first row
  // (fetchAll() would return an array of rows, not a single value)
  $match = $db->fetchOne(
    'SELECT ? = a.password AS PASSWORD_MATCH
     FROM accounts a WHERE a.account_name = ?',
    array(hash('sha256', $input_password), $input_account)
  );
  if ($match) { /* yes, the password given is correct */ }

However, to answer your question, if you need the password to be
decrypted, you can use a reversible encryption algorithm.  The safest
way to do this is to use symmetric keys.  That is, encrypt a string
using a public key and then only your private key can decrypt it.  Take
care not to let the private key fall into the wrong hands.
See:
http://php.net/openssl-public-encrypt
http://php.net/openssl-private-decrypt

Use base64_encode() to make the string safe for storing in a database
varchar column.
http://php.net/base64-encode

Regards,
Bill Karwin

> -----Original Message-----
> From: Rohit83 [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, August 23, 2007 3:40 AM
> To: [email protected]
> Subject: [fw-general] Encryption and Decryption
> 
> 
> Hi All,
> I want to know how to insert a password into the database in
> encrypted form and how to retrieve it in its original form.
> 
