Geek Answers Handbook

PHP and MySQL Security: One-Way Encryption Vs Two-Way Encryption

I read about using MySQL AES_ENCRYPT / AES_DECRYPT (two-way encryption) is less secure than using PHP - hash () (one-way encryption).

http://bytes.com/topic/php/answers/831748-how-use-aes_encrypt-aes_decrypt

Is it true that it is safer "Instead of sending the user your password, just send him a link that he can click to reset his password."

And besides, if I use MySQL AES_ENCRYPT / AES_DECRYPT (which I am very interested in ...), how to determine the key that MySQL can accept? for example, is key length important? or can I just use "123123 @ 123123" as the key?

thanks!

+4
source share
5 answers

There is a fundamental difference between the two concepts of hashing and encryption:
Encryption can be reversed , hashing cannot (at least this idea).

If an attacker gains access to passwords in the database and knows the key that you used to encrypt them, they will be able to recover the specified passwords. If they are hashed, they cannot do it.

This is why passwords should always be hashed (and salted), never encrypted.

for example, is key length important? or can I just use "123123 @ 123123" as the key?

AFAIK MySQL AES_ENCRYPT can accept keys of arbitrary length; but, obviously, shorter keys make it easier for an attacker to force execution (i.e. try all possible combinations).

+7
source

Two-way encryption is inherently less secure, since real data is stored somewhere. That is, you have a hi password. Then you get it, you get 5d41402abc4b2a76b9719d911017c592. This does not make sense for a normal person, and they will not know how to decrypt it without knowing the correct encryption algorithm. They cannot use this either because only the original password is used. You verify the password by hashing it and comparing it with the hash (also stored). 5d41402abc4b2a76b9719d911017c592 hashes 69a329523ce1ec88bf63061863d9cb14, so they do not match. Even if the user knows the hashed password, he cannot extract anything from it.

That way you can store encrypted data, but if you decrypt it when you pull it out, then anyone can use it.

The security of sending a link to a user compared to giving them a password is another problem. If you email the password, it prints out in plain text so that everyone can see (and use). Providing them with a link that allows them to enter a new password means that no one will see it, which is a bit more secure, but if someone who has committed fraud has access to this link, it will still cause problems.

About AES, I can't find out too much about this at a glance, but it doesn't seem like it matters that you encrypt. Therefore, if you use AES_DECRYPT (AES_ENCRYPT ('x', 'b'), 'b'); it will return an "x". You must follow the key.

+2
source

If you store passwords on your server with symmetric encryption, you need to decode the saved password in order to test it on the user's password. This means that the key must also be stored on the server. This means that anyone who compromises your webapp can extract and decrypt each user password. (And use them to compromise other accounts in which the user used the same password.)

Password hashing means that you cannot pass the password to the attacker because you do not even know what it is. You can still check if the sent password is the same as the original password by hashing it using the same algorithm and salt, so you can still determine whether the password passed is correct or incorrect without knowing what the password is.

Using hashed passwords means that you cannot tell the user that their password was in the "reset password" option. But you still don’t want to do this, especially with regard to an unsafe mechanism such as email. One-time, limited-time reset -password links serve the same purpose with less potential damage.

+1
source

For passwords, one-way hashes are almost always the way to go. One-way hashes mean that the likelihood that any user except the user will be able to find out their password is much less.

If you choose a one-way route, you need to set a reset password. If done correctly, it should be safe enough for most purposes. To get better security, you can add things like security questions (for example, β€œWhat is your favorite color?”), Which the user will have to answer before receiving the reset password in the letter.

As for the keys for AES_ENCRYPT / DECRYPT-- MySQL will accept variable lengths for the key parameter for functions, but it will use a 128-bit key regardless of whether it is in your interests to pass at least 128 bits' worth.

+1
source

One-way encryption means that you can only encrypt. (For example, you encrypt the password and save the result. Whenever a user authenticates, you encrypt what the user enters and compares. In this scenario, there is no need for decryption.)

Two-way encryption means encryption and decryption is available. In PHP, this is done using the mcrypt_encrypt() and mcrypt_decrypt() functions.

0
source

More articles:


All Articles