
PHP for n00bs - Why hash passwords and not encrypt them? Make a simple hashing program!

For you n00bs out there, I thought I would make a little post on one of the biggest mistakes PHP n00bs make: encrypting passwords instead of hashing them on their website.

Epic Comic Explaining Encryption:

Posted Image

And that, my children, is why we hash. On a serious note, if an attacker were able to get the key, they could use it to decrypt whatever was encrypted with that key.

You see, encryption is made up of one key feature. Hint: It's in the sentence.

Posted Image

The Key! Keys in encryption are basically a way to backtrack what you wrote. Every encryption scheme has a key, so you can decrypt it. The difference between hashing and encryption is that in hashing you can't backtrack what you have converted. This is why you want to hash, because you never want your client to look like this:
Posted Image

Now let's study the anatomy of the hash. A hash is a digest, which many people get confused about. People think of a hash as a type of encryption, but encryption needs a key to unlock it, and a hash has none. It is very important to take this in, because they are two completely different things that are mixed up a lot of the time. Let's look at this picture:
Posted Image
I have a little rule called the 3 rules of hash. The first rule is the string. The string (text) is the first element of a hash. Without text, why would we need hashes? The second rule is the start of the process, the hash function. The hash function takes the text and digests it, scrambling it into the unknown. The third rule is storing the hashed text. Now that you know how a hash works, let's make our own little quick and dirty program that demonstrates hashing!

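<form action="hash.php" method="post">
 Password: <input type="password" name="pass"><br>
 <input type="submit" value="Submit">
</form>

<?php
/* hash.php */
$password = $_POST['pass'] ?? '';
$passHashed = hash('sha512', $password); /* SHA-512 hash (a digest, not encryption) */
/* "your_database" is a placeholder: put your own database name here */
$db = mysqli_connect("", "RCR", "password", "your_database"); /*My password is so secure*/
/* Prepared statement: the value is bound, never pasted into the SQL string */
$stmt = mysqli_prepare($db, "INSERT INTO `passwords` VALUES (?)");
mysqli_stmt_bind_param($stmt, "s", $passHashed);
mysqli_stmt_execute($stmt);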

And there's a simple hash program! Good luck studying your hashing!
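
The program above stores a plain, unsalted SHA-512 digest, which is fast to guess against and gives two users with the same password the same row. The sketch below is an added example, not the blog author's code: it contrasts that with PHP's built-in password_hash() and password_verify(), and shows a stored SHA-512 row being upgraded at login. The function names fast_hash, slow_hash and verify_and_upgrade and the sample password are assumptions made for the illustration.

```php
<?php
// Added example, not the blog author's code; passwords are constructed samples.

// Unsalted, fast digest, as in the post's hash.php.
function fast_hash(string $password): string
{
    return hash('sha512', $password);
}

// Salted, deliberately slow hash from PHP's built-in password API.
function slow_hash(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// Login check against a stored value. A legacy SHA-512 row (128 hex chars)
// is accepted once and replaced. Returns [bool $ok, string $valueToStore].
function verify_and_upgrade(string $password, string $stored): array
{
    if (preg_match('/^[0-9a-f]{128}$/', $stored) === 1) {
        $ok = hash_equals($stored, fast_hash($password)); // constant-time compare
        return [$ok, $ok ? slow_hash($password) : $stored];
    }
    $ok = password_verify($password, $stored);
    if ($ok && password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $stored = slow_hash($password);
    }
    return [$ok, $stored];
}

// Two constructed users who picked the same password.
$alice = 'correct horse';
$bob   = 'correct horse';

// Same input, same digest: the table reveals the reuse, and one guess or
// precomputed lookup covers both rows.
echo "sha512 rows identical:        ";
var_dump(fast_hash($alice) === fast_hash($bob));

// password_hash() adds a random salt, so the stored strings differ.
echo "password_hash rows identical: ";
var_dump(slow_hash($alice) === slow_hash($bob));

// A legacy row verifies once and comes back as a salted hash.
[$ok, $upgraded] = verify_and_upgrade($alice, fast_hash($alice));
echo "legacy login ok:              ";
var_dump($ok);
echo "upgraded row verifies:        ";
var_dump(password_verify($alice, $upgraded));
```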

