Popular Posts

  • Form processing in PHP
    Form processing in PHP kindly visit www.apepoint.com for the original content of this blog Before moving to this chapter i must sug...
  • other resources @apepoint
    For orignial post kindly visit www.apepoint.com File manager A file manager or file browser is a computer program that provides a user inter...
  • PHP basis programming
    PHP basis programming kindly visit www.apepoint.com for the original content of this blog. Here in this chapter we will learn how t...
  • PHP with MYSQL
    For orignial post kindly visit www.apepoint.com When we work with MySQL we need to execute a number of query .We can execute almost all t...
  • Installing Apache Mysql PHP
    On window Here the process is straight forward just download WAMP server and double click it will automatically install and you can run you ...
  • Object Oriented Programming PHP
    Object Oriented Programming PHP For orignial post kindly visit www.apepoint.com Object oriented programming is the dominant programming para...
  • PHP: Hypertext Preprocessor HISTORY
    PHP: Hypertext Preprocessor is a widely used, general-purpose scripting language that was originally designed for web development to produce...
  • session cookies header
    For orignial post kindly visit www.apepoint.com for the original contents kindly visit www.apepoint.com Session support in PHP consists of a...
  • PHP array
      PHP array In c like language we all studied that an array is a collection of similar elements. These similar elements could be all int or ...
  • What is a web Site
    A set of interconnected webpages, usually including a homepage, generally located on the same server, and prepared and maintained as a colle...

Tuesday 20 July 2010

Encryption


Encryption is the conversion of data into a form, called a ciphertext, that cannot be easily understood by unauthorized people.

In PHP when we save the password from user we need to encrypt then only we save in our database the encrypted form of the password is called ciphertext of the password.

In some case we need to decrypt the data to get in original formate but in some cases like in case of password management we don’t need as in this case we need to compare only so in first case when user save provide password we save after encyption and in second case when user provided we again encrypted and the compare with the stored ciphertext of the password.

Consider in our case the password is susheel here first time when user provide susheel we encrypted and got 3a5ef784e9a57bb44c70f3680f0f2ec0 and then next time when he again provide the password susheel we again encrypt and find 3a5ef784e9a57bb44c70f3680f0f2ec0 in both cases these must be same if yes then we assume that the password is right. and thus allow.

In the below section we provide some encryption function of mysql and then we provided the PHP functions of the encryption.

Encryption in MySQL
md5
It is a strong method to get encrypted version any data as this is very simple to use so most people prefer to use this.

Example
mysql> select md5("susheel");
+----------------------------------+
| md5("susheel") |
+----------------------------------+
| 3a5ef784e9a57bb44c70f3680f0f2ec0 |
+----------------------------------+
1 row in set (0.02 sec)
password
This is another method of encryption as md5 this is also simple

Example
mysql> select password("susheel");
+-------------------------------------------+
| password("susheel") |
+-------------------------------------------+
| *1E79509ADA928DAE075CF1113838BB8D791EA8A4 |
+-------------------------------------------+
1 row in set (0.00 sec)

SHA1(Secure Hash Algorithm)
As per wiki
SHA-1 is the original 160-bit hash function. Resembling the earlier MD5 algorithm, this was designed by the National Security Agency (NSA) to be part of the Digital Signature Algorithm. Originally just called "SHA", it was withdrawn shortly after publication due to an undisclosed "significant flaw" and replaced by the slightly revised version SHA-1. The original withdrawn algorithm is now known by the retronym SHA-0.

SHA1() can be considered a cryptographically more secure equivalent of MD5()

Example

mysql> SELECT SHA1('abc');
+------------------------------------------+
| SHA1('abc') |
+------------------------------------------+
| a9993e364706816aba3e25717850c26c9cd0d89d |
+------------------------------------------+
1 row in set (0.00 sec)

We can do the same by using

mysql> SELECT SHA('abc');
+------------------------------------------+
| SHA('abc') |
+------------------------------------------+
| a9993e364706816aba3e25717850c26c9cd0d89d |
+------------------------------------------+
1 row in set (0.00 sec)

Encryption in PHP

As you have studied the encryption in MySQL now i am giving you a simple procedure to under stand about it’s implementation in PHP. First of all i suggest you to execute the below example script

$ctx = hash_init('sha1');
hash_update($ctx, 'susheel');
echo hash_final($ctx);
?>


When you will run this script the out put will be
bb30860cc6ca086c154bc9178c89f15114e3b954

Here you notice that the word “susheel” have been encrypted to bb30860cc6ca086c154bc9178c89f15114e3b954

In the above script i use sha1 as an encryption algorithm so what will i needed to do when we wish to use md5 as an encryption algorithm for this i just need to change the name of algorithm sha1 to md5 below i am giving you the same example after the changing of algo

$ctx = hash_init('md5');
hash_update($ctx, 'susheel');
echo hash_final($ctx);
?>
here in this case the out put is

3a5ef784e9a57bb44c70f3680f0f2ec0

By above two examples you noticed that the implementation of the encryption algorithms in php is quite simple

In the example i use three functions in hash_init() in this function we provide the name of the algorithm in which we want to encrypt and the hash_update() function in this we pass the string name which we want to encrypt and the next one hash_final() this was the function which finalize the incremental value and return the resulted encrypted value.

As you have saw the complete process to implement the encryption in php but the question is still remain about the list supported algorithm in php so for this i am giving an script which will list all the supported algorithm


print_r(hash_algos());
?>

Just run this, this will print the all supported algorithm and let you know all the supported alogorithm
when i implemented on our server the out put was

[0] => md2
[1] => md4
[2] => md5
[3] => sha1
[4] => sha256
[5] => sha384
[6] => sha512
[7] => ripemd128
[8] => ripemd160
[9] => ripemd256
[10] => ripemd320
[11] => whirlpool
[12] => tiger128,3
[13] => tiger160,3
[14] => tiger192,3
[15] => tiger128,4
[16] => tiger160,4
[17] => tiger192,4
[18] => snefru
[19] => gost
[20] => adler32
[21] => crc32
[22] => crc32b
[23] => haval128,3
[24] => haval160,3
[25] => haval192,3
[26] => haval224,3
[27] => haval256,3
[28] => haval128,4
[29] => haval160,4
[30] => haval192,4
[31] => haval224,4
[32] => haval256,4
[33] => haval128,5
[34] => haval160,5
[35] => haval192,5
[36] => haval224,5
[37] => haval256,5

So you can see that there the 37 algorithms of encryption which php supporting so when ever we wish to encrypt any string we just need to select an algorithm and then pass it to hash_init() and then pass the string in the function hash_update() and then get the encrypted string by the has_final . This process is straight forward and we easily can do it.

Now i am giving you an example and gor better understanding i suggest you execute this script on your server however this script is also uploaded in our server you can see by visiting on http://www.apepoint.com/demo/hashalogs.php page

The script is

/* Get the posted value of the form if there is one */
$p = empty($_POST['p']) ? null : $_POST['p'];
?>

Hash testing


String hashing











Table of hash values for based on algorithm









class="on">




Algorithm Hashed value of





Encryption of a file in PHP

Now coming to another important thing which is how to encrypt a file. for this we have very good function which we may use to encrypt a file below is an example script

echo hash_file('md5', 'test.php');
?>

here md5 is the name of the algorithm and the test.php is the name of the file as usual it is also a simple task .In this way we can encrypt a complete file.


In this chapter we explain the encryption in php by using various php functions .
Posted by at No comments:
Subscribe to: Posts (Atom)