Best way to encode passwords in PHP

Question

I currently use,
base64_encode() to encode a user\'s password, this works well because it allows me to simply use base64decode() to dec

Answer 1

You can do the hashing on the server when authenticating in one quick query:

SELECT * FROM user WHERE password = MD5(CONCAT(?, salt));

Answer 2

You should let a user RESET a password but never RETRIEVE their password. That is why you would want to use a one-way hash (SHA2) instead of a form of encryption that lets you decode it.

Imagine if you left your email open. I could simply request to retrieve your password for some website, delete the email, and you would never know. On the other hand, if you required me to reset the password instead, the account password would change and the owner would obviously realize that something is wrong. (This is a dumb scenario but the concept is what's important)

Hashes can be "reversed" by trying all possible combinations of words (or using rainbow tables) until a matching hash is produced. One way to avoid this is to append/prepend the provided password with a salt to make it a very long and unpredictable string. The salt should be a unique string of data unique to the individual's account.

In PHP there is no SHA2 functon. SHA-2 is a family of hash algorithms, (SHA-256, SHA-384, SHA-512, etc...)

hash('sha256', 'The quick brown fox jumped over the lazy dog.');

Answer 3

Base64Encode offer no security, because anybody can reverse it easily.

If you absolutely need to reverse the password, a good way is to use a secret question, and to use the answer as an encryption key. Once the password is encrypted, you throw the answer away (you do not store it). You also use the standard sha1 encryption for the time when you need to verify that he enter the right password. If the user want its password, he enter the answer to its secret question, and you use that to restore the password and send it back to him.

It's not as secure as hash based encryption only, but if you need to send back the password it's a good compromise.

You may want to look at the mcrypt library for php http://ca3.php.net/mcrypt

Answer 4

You will want to use a hash(preferably sha1) with "salt"

Answer 5

I always delete my account only any sites that emails me my password. I put too much effort and time into memorizing long random passwords to have it sent to me in plain text.

Use sha1() or higher non-reversible hash to identify the password. When authenticating a user password, retrieve the hash, and compare it with the hash of the password supplied during authentication. If they match, then the user is authentic within reasonable standards.

$user = "joe";
$password = 'password';

$saved_hash = DB::Query("select hash from users where username = ".quote($user)." LIMIT 1");

if (sha256($password) == $saved_hash) User::authenticated();

Never, ever send passwords in email. Send a unique, non-predictable, generated key, such as in PHP:

$key = sha256(time().rand().$secret_seed);

Send this key to the client, for one time use, to set a new password.

Answer 6

An absolute must-read on this topic is Jeff's own You're Probably Storing Passwords Incorrectly. Here's the executive summary:

1. Do not invent your own "clever" password storage scheme.
2. Never store passwords as plaintext.
3. Add a long, unique random salt to each password you store.
4. Use a cryptographically secure hash.