-2

What I am trying to do is self explanatory: I get a "username" and a "password" set by a user, and try to encrypt it.

Here's what I've tried so far:

//Firstly i recieve user and pswd
$usua=SQLite3::escapeString($_POST['usuario']);
$psw=SQLite3::escapeString($_POST['psw']);

//Then i proceed to encrypt
$key = md5('firstWord');
$salt = md5('secondWord');

function hashword($string,$salt){
    $string= crypt($string, '$1$'.$salt.'$');    
}

$psw = hashword($psw, $salt);

Some how this code always returns the same result: "$1$7b77d82".

What's wrong?

How would you do this?

Should i use Bcrypt?

Clearly this process should return different values for each password used but it doesn't.

Gonzalo H Ll
  • 39
  • 6
  • Your code is wrong: $key is never used and $salt is always the md5 of the string 'secondWord'. – conventi Apr 03 '16 at 22:32
  • You are right. Please keep going. How am I suppossed to do this? – Gonzalo H Ll Apr 03 '16 at 22:35
  • I don't understood what's your goal? You want encrypt username and password and concat them? – conventi Apr 03 '16 at 22:38
  • I get a "username" and a "password" set by a user, and try to encrypt it. – Gonzalo H Ll Apr 03 '16 at 22:40
  • Nevermind.. I've found this http://stackoverflow.com/questions/14330555/php-crypt-blowfish-function-not-working?rq=1 – Gonzalo H Ll Apr 03 '16 at 22:42
  • And you expect different results every time you hash the same string with the same hashing parameters? How would you imagine "decrypting" it? (by "decrypting" I of course mean hashing another input by user and comparing to already crypted string) – Kevin Kopf Apr 03 '16 at 22:44
  • 1
    Clearly I have no clue about what I am doing.. sorry guys.. will comeback later with better questions. – Gonzalo H Ll Apr 03 '16 at 22:47

1 Answers1

0

For a basic encrypt of username and password you can do that:

$usua=SQLite3::escapeString($_POST['usuario']);
$psw=SQLite3::escapeString($_POST['psw']);

$salt = "aString";

$encryptedUsr = crypt($usua, $salt);
$encryptedPsw = crypt($psw, $salt);

The crypt(string $string, [string $salt]) function have two parameters: the string to encrypt and an optional string named $salt that is used to base the hashing on.

conventi
  • 430
  • 3
  • 8