#11
Programming Guru
Quote:
In the event that you decide to do this on a production level, I do suggest you go with one of the other routes suggested... specifically Triple DES.
__________________
http://jasonpowers.net "There are a thousand hacking at the branches of evil to one who is striking at the root."

#12
Expert Programmer
Join Date: May 2005
Location: East Lansing, MI
Posts: 663
Rep Power: 4
Quote:

#13
Expert Programmer
Join Date: Aug 2005
Location: Rotterdam, the Netherlands
Posts: 942
Rep Power: 3
Firstly, use this JavaScript file:
http://pajhome.org.uk/crypt/md5/md5.js

Include this file using
<script src="md5.js" language="JavaScript"></script>
then you can use the hex_md5 function to encrypt your values.

EDIT: here is a webpage which sends the encrypted version of the password:

<script>
function send_form() {
  var form = document.forms.loginform;
  form.user_pw_hash.value = hex_md5(form.user_pw.value);
  form.user_pw.value = ""; // empty the not-hashed password
  form.submit(); // submit the form
}
</script>
<form action="page_which_logs_you_in.php" method="get" name="loginform">
  <input type="password" name="user_pw">
  <input type="hidden" name="user_pw_hash">
  <input type="button" onclick="send_form()">
</form>

#14
Programmer
Join Date: Jul 2005
Posts: 62
Rep Power: 4
You shouldn't encrypt on the client side, it's completely useless when the user has javascript disabled, which in turn causes errors for you. While I do know that you are using this only to learn PHP it's a bad habit.
I use md5 just for simplicity's sake, but whatever works for you (knows he might get flamed for this).

#15
Expert Programmer
Join Date: May 2005
Location: East Lansing, MI
Posts: 663
Rep Power: 4
But I'm receiving the password from the client using POST, should it not be encrypted when sent from the client to my server?
If yes, what would I use to encrypt it since, like Eryk said, javascript could be disabled? (assuming MD5 is used on server side)

#16
Expert Programmer
Join Date: Aug 2005
Location: Rotterdam, the Netherlands
Posts: 942
Rep Power: 3
Quote:
and @eryk: you won't get any errors when it's disabled.. users just gotta make sure javascript is turned on

#17
Expert Programmer
Join Date: May 2005
Location: East Lansing, MI
Posts: 663
Rep Power: 4
Quote:
Thanks Polyphemus.

#18
Programmer
Join Date: Jul 2005
Posts: 62
Rep Power: 4
Quote:
For example, when checking passwords if you encrypt input on the client side and you check them with JS disabled, it won't come out properly. The best idea is to just do it all in PHP.

#19
Expert Programmer
Join Date: May 2005
Location: East Lansing, MI
Posts: 663
Rep Power: 4
I just read in the manual that PHP has an md5() function. I think it is better for me to use that.
Thanks for all the help.
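
Added example, not part of the thread or any poster's code: a server-side check in PHP for the password sent by the login form above, which still accepts existing md5() records and re-stores them with PHP's password_hash() on the next successful login. The $users array, the sample passwords and the function names is_legacy_md5 and verify_login are constructed for illustration, and the form is assumed to be submitted over HTTPS.

```php
<?php
// Added example: $users is a constructed in-memory stand-in for a users table.
// 'alice' is a legacy record stored as unsalted md5(); 'bob' already uses
// password_hash(), which salts the password and uses a deliberately slow algorithm.
$users = [
    'alice' => ['hash' => md5('correct horse')],
    'bob'   => ['hash' => password_hash('hunter2-long', PASSWORD_DEFAULT)],
];

// A bare md5() digest is exactly 32 lowercase hex characters;
// password_hash() output starts with '$' and never matches this.
function is_legacy_md5(string $stored): bool
{
    return (bool) preg_match('/^[0-9a-f]{32}$/', $stored);
}

// Check the plaintext password received by the server and, on success,
// replace a legacy md5 record (or an outdated hash) with a fresh password_hash().
function verify_login(array &$users, string $name, string $password): bool
{
    if (!isset($users[$name])) {
        return false;
    }
    $stored = $users[$name]['hash'];

    if (is_legacy_md5($stored)) {
        // hash_equals() compares in constant time.
        $ok = hash_equals($stored, md5($password));
    } else {
        $ok = password_verify($password, $stored);
    }

    if ($ok && (is_legacy_md5($stored)
            || password_needs_rehash($stored, PASSWORD_DEFAULT))) {
        $users[$name]['hash'] = password_hash($password, PASSWORD_DEFAULT);
    }
    return $ok;
}

// Constructed walk-through: log alice in against her md5 record, confirm the
// record was upgraded, log in again against the new hash, then a wrong password.
var_dump(verify_login($users, 'alice', 'correct horse'));
var_dump(is_legacy_md5($users['alice']['hash']));
var_dump(verify_login($users, 'alice', 'correct horse'));
var_dump(verify_login($users, 'bob', 'wrong'));
```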

#20
Professional Programmer
Quote:
__________________
% rc4 hexkey < input > output
#define S ,t=s[i],s[i]=s[j],s[j]=t /* rc4 hexkey <file */
unsigned char k[256],s[256],i,j,t;main(c,v,e)char**v;{++v;while(++i)s[
i]=i;for(c=0;*(*v)++;k[c++]=e)sscanf((*v)++-1,"%2x",&e);while(j+=s[i]
+k[i%c]S,++i);for(j=0;c=~getchar();putchar(~c^s[t+=s[i]]))j+=s[++i]S;}