On Sat, Feb 11, 2017 at 11:20 PM, Christine Manrique <[email protected]> wrote: > Good day! I have a concern about the encryption method in PHP 7.1. We just > migrated our code from PHP 5.6 to 7.1 and when we were using 5.6, we used > the mcrypt function in encryption and decryption of password. And now that > our codes are in version 7.1, the mcrypt is already deprecated and an error > is displayed about the function mcrpyt. I have search other functions in 7.1 > in encryption and found the openSSL function but the passwords that were > crypted by mcrypt cannot anymore be crypted using openSSL. Is there a > possible way to encrypt and decrypt passwords that were crypted by mcrypt in > php 7.1? Your urgent response will be much appreciated. > Wrong question.
You should not be storing passwords using a reversible encryption algorithm. You should be using a one-way digest. I recommend migrating ALL passwords to using password_hash() and password_verify() IMMEDIATELY and scrubbing all databases and backups of your "encrypted" passwords. You are asking for severe consequences from a data breech and doing a disservice to your users. -- PHP Webmaster List Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
