CodeIgniter - Why does encrypting with the same key produce different results?

Question

I use codeigniter a lot, however I am not really understanding why when I use the encryption library in version 3 the encryption string never comes out the same, even using the

Answer 1

Try the md5 encryption its good and best till now. In controller before send password like this:

md5($this->input->post('password));

or use hash() or SHA256/SHA512 they do it well.

It will do the trick.

Enjoy!

Answer 2

Codigniter documentation:

DO NOT use this or any other encryption library for user password storage! Passwords must be hashed instead, and you should do that via PHP’s own Password Hashing extension.

http://www.codeigniter.com/userguide3/libraries/encryption.html

Fully explained here:

http://php.net/manual/en/faq.passwords.php

Answer 3

Randomized encryption is a security property necessary to achieve semantic security. If the encryption would not be randomized then an attacker might detect whether (prefixes of) messages were previously sent only by observing the ciphertexts. You generally don't want the attacker to know anything about the plaintexts except the length.

An encryption function has always a corresponding decryption function. It seems that you're only using one way of the two functions. You should never encrypt your user's passwords. You need to use hashing instead with some strong ones being PBKDF2, bcrypt, scrypt and Argon2. Since hash functions are one-way function, you won't be able to "decrypt" the hashes. In order to authenticate your user, you can run the password through the hash function again in order to compare with the hash that is stored in the database. See more: How to securely hash passwords?