How to Encrypt&Decrypt passwords in PHP?

Question

I want to Encrypt a passwords to this Syntax:

CWsodEV5xi9F0D8Vxw1fSZ==

I do not know what kind of this encryption for syntax

please I want Encrypt & Decrypt Function!

thanks

Answer 1

PHP has a bunch of built-in hashing functions so you can use those. According to the PHP reference you can use either the md5, sha1 or hash functions.

Make sure you salt the password before hashing it. A salt is simply a random number added to the password to prevent a rainbow table attack. Make sure the salt is new and random for each user.

Your password database should therefore contain three columns: username, salt and hash. You can verify a password by repeating the procedure with the stored salt and comparing hashes. Passwords should never be stored unencrypted or unhashed.

The format you describe looks like base64, which is NOT encryption or hashing. See the other answers for how to encode/decode base64, but remember that you need proper hashing if you are handling passwords.

Answer 2

I'm not sure about what you try to accomplish, but in general: Please develop applications in such a way that user passwords are not retrievable in plaintext in any way (e.g. no decode function).

Since many users use the same password on multiple services, I consider it bad practice if it is technically possible to view the password of a user: If you service (or your hosting company) somehow fails to protect, say, the database with passwords + mailadresses, these users are out in the open: these credentials potentially open the doors to many abuses on different apps / websites. In short: I wouldn't want to even appear to be responsible for that.

As some answers above point out, it is very preferable to use a secure hashing algorithm on your password system /database. Hash functions are irrevirsible, which means: if you do

valid_key = sha1(password + salt);  // store in database when user chooses / changes password

and then, if you want to authenticate that user, you just do it again: provide the salt (also in the database, could be the username and/or a random value) and calculate the hash again:

user_key = sha1(password_attempt + salt)

Then, you simply compare the user_key to the valid_key:

if(user_key == valid_key)
  // authentication succesfull
else
  // wrong password

This was just a short example, of course there are many different implementations and hashing algorithms, these are just the basics.

An additional advantage of hashing is this: the hashes (which you store in your app, e.g. database) are always the same length (sha1 is always a 160 bit hex value).

So you can give the paranoid users the ability to make a password of insane lengths if they like, with all kinsd of strange characters in it (like backticks or spaces), while it doesnt cost you any extra storage space.

Hope i gave you the information you needed. Of course, it may be the case that you already know about hashing etc. and are just looking for a specific hash function which may have produced the hash you provided in the question. In that case, just ignore this post ;)

[EDIT] Nowadays there are much better alternatives, such as PBKDF2, Bcrypt (see this question) or even Scrypt. Please do consider one of these schemes, as they are much more secure, especially for relatively short passwords.

Answer 3

I think it is base64 algorithm

Answer 4

To encode the password:

$password = base64_encode($string_enter_by_user);

To decode password:

$password = base64_decode($string_enter_by_user);

Note: You should use at least a one way password method like MD5, by doing so if one day someone access your DB all your users passwords will be protected. The only down side is that you will never know the users passwords. Also MD5 encryption will always be 32 characters long.

To use MD5:

$password = md5($string_enter_by_user);