Subscribe to From The Mind of a Programmer        RSS Feed
-----

PHP for n00bs - Why hash passwords and not encrypt them? Make a simple hashing program!

Icon Leave Comment
For you n00bs out there, I thought I would make a little post on one of the hugest mistakes PHP n00bs make. Encrypt passwords instead of hashing them on their website.

Epic Comic Explaining Encryption:

Posted Image




And that, my children, is why we hash. On a serious note, if an attacker was able to get his key, they could use it to decrypt, whatever was encrypted with that key.

You see, encryption is made up of one key features. Hint: It's in the sentence.

Posted Image


The Key! Keys in encryption are basically a way to back track what you wrote. Every encryption has a key, so you can decrypt it. The difference between hashing and encryption, is that in hashing you can't back track what you have converted. This is why you want to hash, because you never want your client to look like this:
Posted Image


Now lets study the anatomy of the hash. A hash is a digest, which many people get confused about. People think of a hash as a type of encryption, but to encrypt you need a key to unlock it. It is very important to take this in, because they are two completley different things that are mixed up a lot of the time. Lets look at this picture:
Posted Image
I have a little rule called the 3 rules of hash. The first rule is the string. The string(text) is the first element of a hash. Without text, why would we need hashes? The second rule is the start of the process, the hash function. The hash function takes the text, and digests it, encrypting it into the unknown. The third process is storing the encrypted text. Now that you know how a hash works, lets make our own little quick and dirty program that demonstrates hashing!
HTML:

<form action="hash.php" method="post"> 
 Password: <input type="text" name = "pass"><br> 
 <input type="submit" value="Submit"> 
 </form> 


hash.php:

<?php
$password = $_POST['pass'];
$passHashed = hash('sha512', $password); /*sha512 encryption*/
mysql_connect("my.sqldatabase.com", "RCR", "password"); /*My password is so secure*/
mysql_select_db("database");
mysql_query("INSERT INTO `passwords` VALUES ('$passHashed');



And there's a simple hash program! Good luck studying your hashing!

- RCR

0 Comments On This Entry

 

Trackbacks for this entry [ Trackback URL ]

There are no Trackbacks for this entry

September 2014

S M T W T F S
 123456
78910111213
14151617181920
2122 23 24252627
282930    

Tags

    Search My Blog

    0 user(s) viewing

    0 Guests
    0 member(s)
    0 anonymous member(s)

    Categories