
W. Jason Gilmore

"Beginning PHP and MySQL: From Novice to Professional"

Suppose you want to hash a user's chosen password immediately
at the time of registration (which is typically a good idea). You could use
mhash() to do so, setting the hash parameter to your chosen hashing algorithm, and
data to the password you want to hash:
562 CHAPTER 21 ■ SECURE PHP PROGRAMMING
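<?php
// Hash the password with SHA-1; mhash() returns the digest as raw binary
$userpswd = "mysecretpswd";
$pswdhash = mhash(MHASH_SHA1, $userpswd);
// Convert the binary digest to hexadecimal for display
echo "The hashed password is: ".bin2hex($pswdhash);
?>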
This returns the following:
The hashed password is: 07c45f62d68d6e63a9cc18a5e1871438ba8485c2
Note that you must use the bin2hex() function to convert the hash from binary
mode to hexadecimal so that it can be formatted in a fashion easily viewable within a
browser.
Via the optional parameter key, mhash() is also capable of determining message
integrity and authenticity. If you pass in the message's secret key, mhash() will validate
whether the message has been tampered with by returning the message's Hashed
Message Authentication Code (HMAC). You can think of the HMAC as a checksum
for encrypted data. If the HMAC matches the one that would be published along with
the message, the message has arrived undisturbed.
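The HMAC check described above, as an added example that is not from the book: the sender publishes a tag with the message, and the receiver recomputes it with the shared key and compares. It swaps in hash_hmac() and hash_equals() from PHP's hash extension for the keyed mhash() call; sign_message(), verify_message(), the SHA-256 choice, and the sample key and message are assumptions made for illustration.

```php
<?php
// Added illustration; not from the book. Uses hash_hmac() from PHP's hash
// extension in place of the keyed mhash() call described in the text.

const HMAC_ALGO = 'sha256'; // assumption: the book's own example used SHA-1

// Sender side (hypothetical helper): return the hex HMAC tag that is
// published along with the message.
function sign_message(string $message, string $key): string
{
    return hash_hmac(HMAC_ALGO, $message, $key);
}

// Receiver side (hypothetical helper): recompute the tag from the received
// message and the shared key, then compare the two in constant time.
function verify_message(string $message, string $tag, string $key): bool
{
    $expected = hash_hmac(HMAC_ALGO, $message, $key);
    return hash_equals($expected, $tag);
}

// Constructed sample values.
$key     = random_bytes(32);          // shared secret, never sent with the message
$message = "amount=100&to=alice";
$tag     = sign_message($message, $key);

var_dump(verify_message($message, $tag, $key));               // message as sent
var_dump(verify_message("amount=900&to=alice", $tag, $key));  // body altered in transit
var_dump(verify_message($message, $tag, random_bytes(32)));   // receiver holds a different key
```

The tag only proves integrity and authenticity to someone who holds the same key, so the key has to be distributed separately from the message and its tag.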
The MCrypt Package
MCrypt is a popular data-encryption package available for use with PHP, providing
support for two-way encryption (i.e., encryption and decryption). Before you can use
it, you need to follow these installation instructions:
1.