I plan to use the Kohana encryption class, but is there a better and more secure way of two-way processing? I want my users to be able to send requests for their previous passwords, and not give them a reset.
Any algorithms or libraries you can offer? Particularly in PHP?
I would not do two-way encryption. This is not encryption at all, since you will need access to the encryption key in the code so that all your passwords are effectively compromised.
, SHA1 MD5 ( SHA1). , , , , .
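// Encrypt (the mcrypt extension was removed in PHP 7.2; the IV is derived from the key, so it is identical for every message)
$encrypted = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($key), $string, MCRYPT_MODE_CBC, md5(md5($key))));
// Decrypt, then strip the zero-byte padding that mcrypt appended
$decrypted = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($key), base64_decode($encrypted), MCRYPT_MODE_CBC, md5(md5($key))), "\0");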
I would suggest a one-way hash (Google for a better algorithm - SHA-1 was good a few years ago, but people are always making progress in breaking encryption algorithms). You simply apply the hash to the password provided by the end user and compare it with the hashed password that you saved - if the resulting strings match, authentication is successful.
If you want to use a trusted public key or symmetric key algorithm, at least try to never send your password over the network in plain text.
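The hash-and-compare login described in the answer above, as an added example that is not part of the original thread. It uses PHP's built-in password_hash(), password_verify() and password_needs_rehash() (PHP 7.0+ as written); the $users array, the function names and the sample credentials are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed in-memory user table standing in for the database (hypothetical).
$users = [];

// Registration: store only the salted, slow hash, never the password itself.
function register_user(array &$users, string $name, string $password): void
{
    // PASSWORD_DEFAULT selects PHP's current default algorithm (bcrypt at the time of writing).
    $users[$name] = password_hash($password, PASSWORD_DEFAULT);
}

// Login: hash the submitted password and compare it with the stored hash.
function login(array &$users, string $name, string $password): bool
{
    // Unknown users are verified against a dummy hash so both paths cost about the same time.
    static $dummy = null;
    $dummy = $dummy ?? password_hash('constructed-dummy-value', PASSWORD_DEFAULT);
    $known = isset($users[$name]);
    $stored = $known ? $users[$name] : $dummy;

    // password_verify() reads algorithm, cost and salt from the stored hash
    // and performs the comparison in constant time.
    $ok = password_verify($password, $stored);
    if (!$known || !$ok) {
        return false;
    }
    // Upgrade old hashes on successful login when the default algorithm or cost changes.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $users[$name] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

// Constructed sample credentials.
register_user($users, 'alice', 'correct horse battery staple');
var_dump(login($users, 'alice', 'correct horse battery staple')); // correct password
var_dump(login($users, 'alice', 'wrong guess'));                  // wrong password
var_dump(login($users, 'mallory', 'anything'));                   // unknown user
// The stored value is a hash string; the plaintext does not appear in it.
var_dump(strpos($users['alice'], 'correct horse') === false);
```

Because nothing stored can be turned back into the password, a forgotten password is handled by a reset flow rather than by sending the old one.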