On Thu, Aug 12, 2010 at 10:00 AM, tedd wrote:
> At 8:09 PM -0400 8/11/10, Bastien Koert wrote:
>>
>> From my experience, I'd have to say that it would be a real tough go
>> to crack that. If there was a weak point in the scheme is that your
>> end result pattern ( the ssn ) is defined with a pair
From: tedd
> At 8:09 PM -0400 8/11/10, Bastien Koert wrote:
>>From my experience, I'd have to say that it would be a real tough go
>>to crack that. If there was a weak point in the scheme is that your
>>end result pattern ( the ssn ) is defined with a pair of constants,
>>the hyphens. In our schem
At 3:48 AM -0400 8/12/10, Adam Richardson wrote:
-- snip excellent points --
Of note, SS#'s are a special piece of data, not only because of their power,
but because of their lifetime (normally as long as the individual lives.)
This is very different from a credit card which gets updated every
At 8:09 PM -0400 8/11/10, Bastien Koert wrote:
From my experience, I'd have to say that it would be a real tough go
to crack that. If there was a weak point in the scheme is that your
end result pattern ( the ssn ) is defined with a pair of constants,
the hyphens. In our scheme we remove the dash
On 12 August 2010 09:48, Adam Richardson wrote:
> On Wed, Aug 11, 2010 at 6:50 PM, tedd wrote:
*snip*
>
> 1. MD5 - Use of this old algorithm to produce your keys limits your key
> space due to collisions AND the fact that 3DES accepts keys longer than the
> 128 bit output MD5 produces. A
On Wed, Aug 11, 2010 at 6:50 PM, tedd wrote:
> Hi gang:
>
> Okay, a question to the Encryption/Decryption gurus out there.
>
> If you were given:
>
> 1. This encrypted string:
>
> p3IVhDBT26i+p4vd7J4fAw==
>
> 2. Were told it was a social security number (i.e., in the form of
> 123-45-6789).
>
> 3
On 12 August 2010 02:07, Josh Kehn wrote:
> On Aug 11, 2010, at 6:50 PM, tedd wrote:
>
>> Hi gang:
>>
>> Okay, a question to the Encryption/Decryption gurus out there.
>>
>> If you were given:
>>
>> 1. This encrypted string:
>>
>> p3IVhDBT26i+p4vd7J4fAw==
>>
>> 2. Were told it was a social securit
>From my experience, I'd have to say that it would be a real tough go
to crack that. If there was a weak point in the scheme is that your
end result pattern ( the ssn ) is defined with a pair of constants,
the hyphens. In our scheme we remove the dashes and just provide a
mask for display. We also
On Aug 11, 2010, at 6:50 PM, tedd wrote:
> Hi gang:
>
> Okay, a question to the Encryption/Decryption gurus out there.
>
> If you were given:
>
> 1. This encrypted string:
>
> p3IVhDBT26i+p4vd7J4fAw==
>
> 2. Were told it was a social security number (i.e., in the form of
> 123-45-6789).
>
>
Hi gang:
Okay, a question to the Encryption/Decryption gurus out there.
If you were given:
1. This encrypted string:
p3IVhDBT26i+p4vd7J4fAw==
2. Were told it was a social security number (i.e., in the form of
123-45-6789).
3. And it had been generated from this code:
$cipher = mcrypt_modu
Edward Diener wrote:
>> why not just use https protocol. all data between client and server
>> will be encrypted.
>
> The data must be encrypted/decrypted going both ways between the
> client and the server. Does using https automatically do that ? If it
> does that would be great.
>
Yes, that
paragasu wrote:
if you want client to send encrypted form to server. then it must be
done using some kind of
client side script (javascript?).
I am using C++.
i don't think it is reliable.
Why would it not be reliable if I were using a public-key/private-key
encryption library which works
Per Jessen wrote:
Edward Diener wrote:
Phpster wrote:
In reading the license I believe it refers to the gnupg itself, not
the application it may be embedded in. You are completely free to use
gnupg as you choose including modifying it to meet your needs.
I always thought the GNU public licens
if you want client to send encrypted form to server. then it must be
done using some kind of
client side script (javascript?). i don't think it is reliable.
why not just use https protocol. all data between client and server
will be encrypted.
On 1/1/09, Per Jessen wrote:
> Edward Diener wrote:
Edward Diener wrote:
> Phpster wrote:
>> In reading the license I believe it refers to the gnupg itself, not
>> the application it may be embedded in. You are completely free to use
>> gnupg as you choose including modifying it to meet your needs.
>
> I always thought the GNU public license deman
Phpster wrote:
In reading the license I believe it refers to the gnupg itself, not the
application it may be embedded in. You are completely free to use gnupg
as you choose including modifying it to meet your needs.
I always thought the GNU public license demanded that any non-free
modules, w
As I understand it:
You can LINK your commercial binary with GPL binaries, and keep closed source.
You cannot co-mingle the two C source codes together and keep it closed.
I am fairly certain you can find commercial C++ offerings to generate PGP key
pairs, instead of using the GnuPG OSS
In reading the license I believe it refers to the gnupg itself, not
the application it may be embedded in. You are completely free to use
gnupg as you choose including modifying it to meet your needs.
Bastien
Sent from my iPod
On Dec 30, 2008, at 10:50 PM, Edward Diener
wrote:
My clien
My client application needs to send data to a PHP page in encrypted form
and have the PHP code able to decrypt it. Likewise the PHP code needs to
return data to my application encrypted and my client application needs
to be able to decrypt it.
My application is written in C++ and naturally the PH
2008. 01. 17, csütörtök keltezéssel 12.14-kor Ken Kixmoeller -- reply to
[EMAIL PROTECTED] ezt írta:
> (forgot to copy the list)
>
> On Jan 16, 2008, at 5:08 PM, Richard Lynch wrote:
>
>
> > Is it possible that 4% of the time, you have spaces on the start/end
> > of the string, which get trimmed
(forgot to copy the list)
On Jan 16, 2008, at 5:08 PM, Richard Lynch wrote:
Is it possible that 4% of the time, you have spaces on the start/end
of the string, which get trimmed before encryption?
In this case, no. In trying to simplify the situation to narrow the
possibilities of error,
Is it possible that 4% of the time, you have spaces on the start/end
of the string, which get trimmed before encryption?
And if rijndael is one of the algorithms which requires a fixed-size
input, that also would be "bad" to trim it. If you need multiple of
16 bytes input, leave the input alone.
On Tue, January 15, 2008 10:48 pm, Casey wrote:
> On Jan 15, 2008 8:40 PM, Ken Kixmoeller -- reply to [EMAIL PROTECTED]
> <[EMAIL PROTECTED]> wrote:
>>
>> On Jan 15, 2008, at 11:08 PM, Andrés Robinet wrote:
>>
>>
>> > I second that, you should base64 encode values before encrypting
>> > and base6
Many thanks, Mike --- yours works great... 0 errors.
On Jan 16, 2008, at 9:24 AM, mike wrote:
function data_encrypt($data) {
if(!$data) { return false; }
return base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256,
$GLOBALS['config']['salt'], $data, 'cbc', md5($GLOBALS['config']['
s
ke it
something worthwhile like "haX0r$sUCK!" that won't ever be easily
guessed.
I have code like this running on a couple sites - works like a charm,
that includes using it to encrypt cookie data and decrypt it on the
way back. I am not entirely sure if the str_replace for the space
On Jan 16, 2008, at 1:28 AM, Andrés Robinet wrote:
1 - Mike is right about first encrypting and then doing a
base64_encode (then saving results to DB, cookies, etc). I don't
know why replacing " " to "+" for decrypting, though.
His other post explains that php didn't seem to like spaces
On Jan 15, 2008, at 10:48 PM, Casey wrote:
It returns the correct value. If you look at the last example, and run
base64_decode on "MDAwMzEwMDI0NDA0MTMyOQ==", you will get
"0003100244041329".
Oops. "Haste makes crappy programming."
Ken
--
PHP General Mailing List (http://www.php.net/)
To un
On 1/15/08, Andrés Robinet <[EMAIL PROTECTED]> wrote:
> 1 - Mike is right about first encrypting and then doing a base64_encode (then
> saving results to DB, cookies, etc). I don't know why replacing " " to "+"
> for decrypting, though.
we have an application which sets an encrypted cookie in .
> -Original Message-
> From: mike [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, January 16, 2008 1:49 AM
> To: Ken Kixmoeller -- reply to [EMAIL PROTECTED]
> Cc: php-general@lists.php.net
> Subject: Re: [PHP] Encryption failing
>
> > -
>
> if ($EorD == "D") {
>$text_out = mdecrypt_generic($cypher,$text);
>$text = base64_decode($text);
shouldn't this be base64_decode($text_out) ? :)
> } else {
>$text= base64_encode($text);
>$text_out = mcrypt_generic($cypher,$t
On Jan 15, 2008 8:40 PM, Ken Kixmoeller -- reply to [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:
>
> On Jan 15, 2008, at 11:08 PM, Andrés Robinet wrote:
>
>
> > I second that, you should base64 encode values before encrypting
> > and base64
> > decode them after decrypting to be safe.
> >
>
> Thank
On Jan 15, 2008, at 11:08 PM, Andrés Robinet wrote:
I second that, you should base64 encode values before encrypting
and base64
decode them after decrypting to be safe.
Thanks for the idea.
Like this? Fails 500/500 times on my test.
if ($EorD == "D") {
On Jan 15, 2008, at 11:08 PM, Andrés Robinet wrote:
I second that, you should base64 encode values before encrypting
and base64
decode them after decrypting to be safe.
Thanks for the idea.
Like this? Fails 500/500 times on my test.
if ($EorD == "D")
On Jan 15, 2008, at 11:08 PM, Andrés Robinet wrote:
-Original Message-
From: Bastien Koert [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 16, 2008 12:55 AM
To: Ken Kixmoeller -- reply to [EMAIL PROTECTED]; php-
[EMAIL PROTECTED]
Subject: RE: [PHP] Encryption failing
are you
> -Original Message-
> From: Bastien Koert [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, January 16, 2008 12:55 AM
> To: Ken Kixmoeller -- reply to [EMAIL PROTECTED]; php-
> [EMAIL PROTECTED]
> Subject: RE: [PHP] Encryption failing
>
>
> are you base64 encodi
d that
> there are problems with certain characters that can result from the
> encryption, usually a combination of characters that approximate a null or
> end of line
>
> bastien> From: [EMAIL PROTECTED]> Date: Tue, 15 Jan 2008 21:41:45 -0600> To:
> php-general@lists.
21:41:45 -0600> To:
php-general@lists.php.net> Subject: Re: [PHP] Encryption failing> > > On Jan
15, 2008, at 7:06 PM, Casey wrote:> > >> Maybe you could echo the results of
the failed ones and compare.> > I did that at first, thinking that "something
a
On Jan 15, 2008, at 7:06 PM, Casey wrote:
Maybe you could echo the results of the failed ones and compare.
I did that at first, thinking that "something about these strings
might cause the problem." But then I realized: I can't blame the
data. I don't have any control over what users use
On Jan 15, 2008, at 4:54 PM, "Ken Kixmoeller -- reply to [EMAIL PROTECTED]
" <[EMAIL PROTECTED]> wrote:
Hey --- - -
I am in the process of upgrading the encryption technology I am
using from (64 bit) blowfish to (256 bit) rijndael.
The code (and some explanations) is below, but the results
Hey --- - -
I am in the process of upgrading the encryption technology I am using
from (64 bit) blowfish to (256 bit) rijndael.
The code (and some explanations) is below, but the results are, um,
unusual, and I can't see what I am doing wrong. For testing, I have a
program that generates
On Sat, May 20, 2006 10:35 am, Lawrence Kennon wrote:
> --- Rory Browne <[EMAIL PROTECTED]> wrote:
> but does support Cardservice
> International.
These guys give you a PHP library that you http://php.net/include
which then provides functions you can call which you pass in the CC#
and they give yo
So let's say that I want to integrate a shopping cart
with a PSP, right up to the moment they get to the
checkout, they see my client's URL. They hit the
"Checkout" button and then they will see the URL of
the PSP? Then once they place the order then they are
redirected back to my client's site a
--- Rory Browne <[EMAIL PROTECTED]> wrote:
> It's better if, when it comes to time
> to checkout, you redirect your client
> to your Payment Service Providers (PSP's)
> website, your PSP processes the payment,
> and redirects the client back to your
> site. The PSP would then contact you
> di
DO NOT STORE CREDIT CARD NUMBERS!!!
Period!!!
If your PHP script can access them, then they are too accessible to
the Bad Guys.
Ditto
Even if nothing else, someone could modify your code to email them the CC
Numbers.
It's better if, when it comes to time to checkout, you redirect your client
> Are there any employees who have access to this PC? What sort of
> background checks have you run on every employee?
>
> Do you REALLY want to run the risk of having to DESTROY your
> reputation with all your customers?
>
Not only all that, but suppose one of your customers has his CC info
On Fri, May 19, 2006 3:00 pm, Lawrence Kennon wrote:
> But just out of curiousity, let's assume you are
> running a shopping cart which takes credit cards and
> passes them on to whomever approves them and you don't
> _ever_ write this info to files. Aren't you also
> vulnerable to someone being ab
On Fri, May 19, 2006 1:36 pm, Lawrence Kennon wrote:
> In regards to GNU Privacy Guard (gpg), I did actually
> manage to get that to work in the hosting environment
> (without the help of the hosting support folks! :). I
> use a directive to tell gpg to not warn me about
> "using insecure memory" b
On Fri, May 19, 2006 8:54 am, Lawrence Kennon wrote:
> For an ecommerce site where sensitive data is stored
> either in files, or in a database, have you used some
> form of encryption to protect your customer's data?
>
> I have a client who currently uses a Perl scripted
> shopping cart that store
> --- Koen Martens <[EMAIL PROTECTED]> wrote:
>
> > But your unencrypted data is there, so someone could
> > possibly snoop
> > that from the insecure memory.
>
> This is true.
>
> I am going to ask the hosting company to setuid gpg as
> root. That should solve one problem (from gpg docs):
>
>
--- Koen Martens <[EMAIL PROTECTED]> wrote:
> But your unencrypted data is there, so someone could
> possibly snoop
> that from the insecure memory.
This is true.
I am going to ask the hosting company to setuid gpg as
root. That should solve one problem (from gpg docs):
"This is necessary to l
Lawrence Kennon wrote:
> I use a directive to tell gpg to not warn me about
> "using insecure memory" but since no private keys
> reside on this host I think I can safely ignore that
> (they can't steal what is not there).
But your unencrypted data is there, so someone could possibly snoop
that fr
Re: Encryption Advice
First off, thanks to the folks who replied with
advice. I am mulling over your advice (and I greatly
appreciate it!). I have been doing PHP programming for
a couple years, including secure sites, but this is my
first ecommerce venture, so I am trying to learn as
much as I can
>
> For an ecommerce site where sensitive data is stored
> either in files, or in a database, have you used some
> form of encryption to protect your customer's data?
>
> I have a client who currently uses a Perl scripted
> shopping cart that stores orders (including credit
> card numbers) in pl
On 5/19/06, Lawrence Kennon <[EMAIL PROTECTED]> wrote:
For an ecommerce site where sensitive data is stored
either in files, or in a database, have you used some
form of encryption to protect your customer's data?
I have a client who currently uses a Perl scripted
shopping cart that stores orde
For an ecommerce site where sensitive data is stored
either in files, or in a database, have you used some
form of encryption to protect your customer's data?
I have a client who currently uses a Perl scripted
shopping cart that stores orders (including credit
card numbers) in plain text files on
Hey all.
I am trying to get encryption working for my site.
I have found some code and set up a test bed for it, but it fails to return
the same value after the 26th item. I was hoping someone could take a look
and maybe tell me why? There is very little help out there for encryption.
If you know
s <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Date: 07/13/2004 3:17:54 PM
> Subject: [PHP] encryption needed?
>
> Hi all,
>
> I am to set up a service where users can view news of companies.
> To identify the company selected an easy way is to use the company-
I wouldn't encrypt the ID, but I can't help wonder why you don't want people
knowing the company's ID. They can get access to it if you're storing it
client-side.
This is like using a single script to view documents where you provide the
ID of the document to display.
http://localhost/view.php?I
Hi all,
I am to set up a service where users can view news of companies.
To identify the company selected an easy way is to use the company-id.
The id is not displayed but stored in the client browser as JS-variable.
Question:
Is it ok to use the company-id or do I have to encrypt the id
using mc
I have a need for an encryption program that can encrypt/decrypt data. I
previously had a programmer build me a C program that compiled and runs on
the command line, which I would then call via PHP.
We are experiencing with this however, a 5-7% fail rate on the decryption -
not acceptable for the
[snip]
I am encrypting some data on one server and now I am attempting to decrypt on another
server using mcrypt_encrypt and mycrypt_decrypt (using same key and initialzation
vector). It is almost working but I seem to still have a little problem, that data is
missing the last character which st
Good morning gurus!
I am encrypting some data on one server and now I am attempting to decrypt on another
server using mcrypt_encrypt and mycrypt_decrypt (using same key and initialzation
vector). It is almost working but I seem to still have a little problem, that data is
missing the last char
I wouldn't use crypt, instead use one of the proven more secure hashes
like md5 or sha1.
For password hashing I'd use md5 (PHP 3 and 4) if you want broad
support or sha1 for a little more security (sha1 hasn't been in PHP as
long (only since 4.3.0) so you will lose some compatability,
Ryan T
php-gen
Subject: Re: [PHP] Encryption question
md5 is a one-way hash function. It is great for passwords. (I'm not sure if
that technically qualifies as encryption because it is nearly impossible to
decrypt..hmm) Anyway, I would recommend using it.
- Brad
--
PHP General Mailing List
On Fri, 2003-10-10 at 20:31, Ryan Thompson wrote:
> I know this is an opinion thing but what's the best functions or function set
> for password encryption?
>
> Currently my project uses md5 but I thinks it's more for checksums isn't it?
> Also, is mcrypt used for passwords? I looks like it's a t
Sorry. Just stumbled on crypt()
On Friday 10 October 2003 22:31, Ryan Thompson wrote:
> I know this is an opinion thing but what's the best functions or function
> set for password encryption?
>
> Currently my project uses md5 but I thinks it's more for checksums isn't
> it? Also, is mcrypt used
I know this is an opinion thing but what's the best functions or function set
for password encryption?
Currently my project uses md5 but I thinks it's more for checksums isn't it?
Also, is mcrypt used for passwords? I looks like it's a two-way encryption.
--
Ryan Thompson
[EMAIL PROTECTED]
http
Using a PHP encoder or compiling a binary does not make it more secure
than storing the IV and encryption key in plain text in a PHP script.
The problem is the fact that the encryption cipher requires the same key
for encryption and decryption, this is not a problem in many encryption
cases but in
Title: Re: [PHP] Encryption using MMCrypt - whats the point?
Granted, the $350 stand-alone encoder is a bit expensive. I'm talking about the online
encoder though, you pass your PHP script through the online-control center and it
output's the encrypted version, a typical PHP progra
Adam/Lowell:
Thanks for the suggestions but like all clients they want maximum
function for minimum $$ - encoders are therefore not a possibility (but I
will keep that in mind for future apps :))
Thanks.
On 1/30/03 9:55 AM, "Adam Voigt" <[EMAIL PROTECTED]> wrote:
> http://www.ioncube.com/
>
http://www.ioncube.com/
Encrypt PHP scripts (there pretty cheap to).
On Thu, 2003-01-30 at 09:30, Mike Morton wrote:
I want to use the mcrypt functions to encrypt credit card numbers for
storage in a mysql database, which mycrypt does admirably:
$key =
Could you use the Zend Encoder to encrypt the PHP script?
<http://www.zend.com/store/products/zend-safeguard-suite.php>
--
Lowell Allen
> From: Mike Morton <[EMAIL PROTECTED]>
> Date: Thu, 30 Jan 2003 09:30:36 -0500
> To: <[EMAIL PROTECTED]>
> Subject: [PHP] Encryp
Not a good idea, you might look at some form of public key encryption
where you encrypt the credit card information with the public key and
the merchant decrypts it with their private key that is not on the
server.
You generally do not want to store the information encrypted with mcrypt
because in
I want to use the mcrypt functions to encrypt credit card numbers for
storage in a mysql database, which mycrypt does admirably:
$key = "this is a secret key";
$input = "Let us meet at 9 o'clock at the secret place.";
$iv = mcrypt_create_iv (mcrypt_get_iv_size (MCRYPT_RIJNDAEL_256,
MCRYPT_MODE_CBC
Hello,
I was wondering if anyone has some examples of encrypting credit card
numbers in a database?
Basically, someone goes to a secure site, enters their information, and
then it is stored locally in a mysql database until it can be entered
(this is all we have for now until we setup a merchant
Hi!
I read the PHP manual about the encryption, mcrypt_module_open(). I
have been trying to figure out an example of the parameters inside the
functions. I tried some of these options but I still get the error message
saying "Warning: mcrypt module initialization failed in ". Here's so
Just how are you going to decrypt it? Password encryption is ordinarily
one-way - you have no choice. You have to compare encrypted passwords.
-Original Message-
From: Tom Ray [mailto:[EMAIL PROTECTED]]
SI want to compare a password to a encrypted password stored in my mySQL
database usin
> I want to compare a password to a encrypted password stored in my
mySQL
> database using password('password'), what's the best way to compare
the
> two?
>
> Encrypted the password sent by the user and compare or pull the
password
> from the database based on username, decrypt it and then compar
I want to compare a password to a encrypted password stored in my mySQL
database using password('password'), what's the best way to compare the two?
Encrypted the password sent by the user and compare or pull the password
from the database based on username, decrypt it and then compare?
--
-
From: "Justin French" <[EMAIL PROTECTED]>
To: "Bob Irwin" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, September 05, 2002 4:00 PM
Subject: Re: [PHP] Encryption of emails.
> Perhaps not EXACTLY what you're after, but I wrote a small, sim
Perhaps not EXACTLY what you're after, but I wrote a small, simple function
to encrypt a string with a key (i'll skip a long note about keeping the key
safe).
Then I send an email with the data encrypted, and decrypt it at the other
end (me) using a decrypt script located on my local server.
It
Hey guys,
Can anyone recommend any PHP functions or plugins that will allow me to send
encrypted emails via PHP? Something similar to PGP would be excellent. I
have use PGP with a formmail cgi previously, but obviously it'd be easier to
have in-PHP support for it.
Any suggestions are much appr
>My company is going to be
>1. Hosting our code on other people servers
>2. selling our programs.
>
>We are going to be needing to encrypt the codewhat would you all
>suggest?
>How about Zend Encoder...is it any good? (even though its so much $$)
Disclosure: I'm a former employee and come wi
I need to do some encryption/decryption of data in PHP. I don't
need anything heavy duty. Just some scheme that obscures strings
in a non-trivial manner.
I am on a shared hosting site which doesn't have the mcrypt suite
installed with PHP (& they won't install it).
Does anyone know of any func
> -Original Message-
> From: Erik Price [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, February 23, 2002 12:20 PM
> To: PHP
> Subject: [PHP] encryption and HTTP
>
>
> Without using SSL or JavaScript, is there any way to make an
> md5 hash or
> encrypt a string before se
Without using SSL or JavaScript, is there any way to make an md5 hash or
encrypt a string before sending it out as a POST request?
It seems that without encrypting the data before sending it, it can
still be intercepted. Once intercepted, it doesn't matter if I use
md5() on the $_POST['passwo
I am totally new to encryption.
My question is very simple.
If I use the mcrypt module to encrypt and decrypt some
data, would it guarantee to work consistently with
future versions of the mcryp module (or PHP versions).
(i.e. Would decription always give me the same
result?)
Thanks.
=
Ana
27;testpass');
Good luck,
Tyler Longren
- Original Message -
From: "Valter Santos" <[EMAIL PROTECTED]>
To: "Brian Clark" <[EMAIL PROTECTED]>; "PHP is not a drug."
<[EMAIL PROTECTED]>
Sent: Thursday, December 06, 2001 9:34 AM
Subject: Re: [PHP]
Brian Clark" <[EMAIL PROTECTED]>
To: "PHP is not a drug." <[EMAIL PROTECTED]>
Sent: Thursday, December 06, 2001 2:48 PM
Subject: Re: [PHP] encryption
> * Justin French <[EMAIL PROTECTED]> [Dec 06. 2001 07:33]:
>
> > Can someone give me a brief over view
* Justin French <[EMAIL PROTECTED]> [Dec 06. 2001 07:33]:
> Can someone give me a brief over view of how to encrypt a password and
> store it in a MySQL DB, then be able to validate thier plain text
> password on login against the encrypted one on the DB?
An alternative is to just store an Md5 o
UPDATE members set passwd=PASSWORD(passwd);
"select login from members where PASSWORD($form_pass)=passwd;"
Regards,
Adnrey Hristov
- Original Message -
From: "Justin French" <[EMAIL PROTECTED]>
To: "php" <[EMAIL PROTECTED]>
Sent: Thursda
Richy
-Original Message-
From: Justin French [SMTP:[EMAIL PROTECTED]]
Sent: 06 December 2001 12:33
To: php
Subject:[PHP] encryption
Hi,
Can someone give me a brief over view of how to encrypt a password and
store it in a MySQL DB, then be able to validate thier plain text
Hi,
Can someone give me a brief over view of how to encrypt a password and
store it in a MySQL DB, then be able to validate thier plain text
password on login against the encrypted one on the DB?
I'm guessing I:
1. encrypt the desired password with some sort of key (eg "blahblah")
which is hid
>
> > Thoughts?
> > Sheridan
> >
> > - Original Message -
> > From: Francis Fillion <[EMAIL PROTECTED]>
> > To: Tom Malone <[EMAIL PROTECTED]>
> > Cc: PHP Users <[EMAIL PROTECTED]>
> > Sent: Thursday, July 19, 2001 5:14 PM
&
PROTECTED]>
> Cc: PHP Users <[EMAIL PROTECTED]>
> Sent: Thursday, July 19, 2001 5:14 PM
> Subject: Re: [PHP] encryption
>
> > One of my friends has a rsa key somethings, what it does is that at
> > every few minutes it generate a random number so for login on
: Francis Fillion <[EMAIL PROTECTED]>
To: Tom Malone <[EMAIL PROTECTED]>
Cc: PHP Users <[EMAIL PROTECTED]>
Sent: Thursday, July 19, 2001 5:14 PM
Subject: Re: [PHP] encryption
> One of my friends has a rsa key somethings, what it does is that at
> every few minutes it generat
t; From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, July 19, 2001 3:21 PM
> To: Sheridan Saint-Michel
> Cc: php-general
> Subject: Re: [PHP] encryption
>
> Ahh, well then, another solution could be to use SSL, depends on your
> application weather you can g
ssage-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 19, 2001 3:21 PM
To: Sheridan Saint-Michel
Cc: php-general
Subject: Re: [PHP] encryption
Ahh, well then, another solution could be to use SSL, depends on your
application weather you can get away with using an unsig
n
>
> - Original Message -
> From: Jeff Bearer <[EMAIL PROTECTED]>
> To: Tom Malone <[EMAIL PROTECTED]>
> Cc: PHP Users <[EMAIL PROTECTED]>
> Sent: Thursday, July 19, 2001 12:17 PM
> Subject: Re: [PHP] encryption
>
>
> > I'd use the pass
.
That way the only thing that ever gets transmitted is an md5 hash =P
Sheridan
- Original Message -
From: Jeff Bearer <[EMAIL PROTECTED]>
To: Tom Malone <[EMAIL PROTECTED]>
Cc: PHP Users <[EMAIL PROTECTED]>
Sent: Thursday, July 19, 2001 12:17 PM
Subject: Re: [PHP] encr
1 - 100 of 113 matches
Mail list logo
