PHP encryption

This is a limited discussion of PHP and encryption.

• PHP provides two functions that can be used for one-way encryption of passwords.
• string crypt (string str [, string salt]) – returns an encrypted string using a system-defined algorithm.
– The argument str is the string to be encrypted, and salt is a string that drives the encryption.
– The salt argument is a two-character string.
– If the salt argument is not provided, crypt() generates one randomly.
– A randomly generated salt is returned as the first two characters of the return value.
– A randomly generated salt must be stored so that the encrypted string can be regenerated.
– crypt() only encrypts the first 8 characters of the string.

• string md5 ( string str [, bool raw_output] ) – calculates the MD5 hash of str using the RSA Data Security, Inc. MD5 Message-Digest Algorithm, and returns the resulting hash.
– The hash is a 32-character hexadecimal number.
– This algorithm does not use a salt.

Differences:

• md5() works with strings of any length, while crypt() uses only the first 8 characters; i.e., the results of crypt() would be the same for "abcdefgh5" and "abcdefgh6".
• crypt() uses a salt to calculate the encrypted string, while md5() does not. (Note: If the script concatenated a salt with the string to be encrypted before sending it to md5(), it would be the same as using a salt.)
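
The behaviour described in the lists above, as an added example that is not part of the original page: crypt() with a two-character salt, verification by passing the stored value back as the salt, and md5() with a salt concatenated by the script. The function names, the sample passwords and salts, and the "salt:hash" storage format are assumptions; the closing password_hash() comparison goes beyond what this page covers.

```php
<?php
// Added example. All passwords and salts below are constructed sample values.

// crypt() with a two-character salt (traditional DES scheme).
function crypt_hash(string $password, string $salt): string {
    return crypt($password, $salt);
}

// The stored value begins with its salt, so passing it back as the salt
// argument regenerates the same string for a matching password.
function crypt_check(string $candidate, string $stored): bool {
    return hash_equals($stored, crypt($candidate, $stored));
}

// md5() has no salt parameter: the script concatenates one itself and stores
// it next to the hash as "salt:hash" (this storage format is an assumption).
function md5_salted_hash(string $password, ?string $salt = null): string {
    $salt = $salt ?? bin2hex(random_bytes(8));
    return $salt . ':' . md5($salt . $password);
}

function md5_salted_check(string $candidate, string $stored): bool {
    $salt = explode(':', $stored, 2)[0];
    return hash_equals($stored, md5_salted_hash($candidate, $salt));
}

$salt = 'rl';                                   // constructed two-character salt
$h5   = crypt_hash('abcdefgh5', $salt);
$h6   = crypt_hash('abcdefgh6', $salt);

var_dump(substr($h5, 0, 2) === $salt);          // salt is the first two characters
var_dump($h5 === $h6);                          // inputs differ only at character 9
var_dump(crypt_check('abcdefgh6', $h5));        // check of the other password against $h5

$m5 = md5_salted_hash('abcdefgh5');
var_dump(md5_salted_check('abcdefgh5', $m5));   // correct password
var_dump(md5_salted_check('abcdefgh6', $m5));   // md5() hashes the whole string

// For comparison (not covered on this page): PHP's password_hash() generates
// and embeds its own salt, and password_verify() checks against it.
$p5 = password_hash('abcdefgh5', PASSWORD_DEFAULT);
var_dump(password_verify('abcdefgh5', $p5));
var_dump(password_verify('abcdefgh6', $p5));
```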

© Lynne Grewe