Summary: Cryptography is a technical science that studies the preparation password (we are referred to as encryption: Encode) and decipher password (we call it decrypt: decode). The objective law of the password change is applied to the preparation of passwords to keep communication secrets. It is called coding; applied to the deciphering password to obtain communication intelligence, referred to as decipherive learning, generally called cryptography. Normally, people will be able to understand the text called clear text; refer to the text-converted text-converted text called ciphertext. The process of transforming the plain text into a ciphertext is called encryption; its inverse process, that is, the process of transforming the ciphertext into a clear text. What data encryption is provided in php? PHP provides a CRYPT () function completes encryption function:
String Crypt (String Input_String [, String Salt])
This function completes the function called a single-way encryption, that is, it can encrypt some codes, but it is not possible to convert the password to the original codes. Once one-way encrypted passwords have fallen into third-party people, because they cannot be reduced as plaintext, there is no big use. When verifying the password entered by the user, the user's input is also a one-way algorithm. If the input is matched to the stored encrypted password, the input password must be correct. This function of the input_string parameter is a string that needs to be encrypted. The second parameter SALT is a bit string that can affect the encrypted dark code and further exclude the likelihood that is called pre-counting attacks. By default, PHP uses a 2-character DES interference string, if your system uses MD5, it uses a 12-character interference string. We can find the length of the interference string to be used by executing the following command: Print "The length of the interference string used is:". Crypt_salt_length; Crypt () supports four algorithms, below is it support The length of the algorithm and the corresponding SALT parameter: [Note: The following table]
algorithm
Salt length
Crypt_std_des2-character (default) CRYPT_EXT_DES9-Character Crypt_MD512-Character Beginning with $ 1 $ CRYPT_BLOWFISH16-Character Beginning with $ 2 $ 2 $
How to apply PHP data encryption function to user authentication? We use CRYPT () to implement user authentication. For example, we use a PHP program to restrict access to a directory, only allow registered users to access this directory. We put the data store a table of the MySQL database (this data table name is MEMBERS):
Mysql> Create Table Members (
then, we can enter the user's data to the table:
username
password
Tomkelod1c3777lkejohnba1t7vnz9awgkbillpaluvrwsrlz4u
The codes corresponding to these encrypted passwords are Tom, John and Bill, respectively. We will create an interference string according to the first two letters of the password:
$ SALT = SUBSTR ($ EnteredPassword, 0, 2); $ Userpswd = Crypt ($ EnteredPassword, $ SALT);
// USERPSWD then stores with the username in MySQL in Mysql, Crypt () and Apache's password - Answer verification system
Crypt () used in the default state is not the safest, so other better algorithms are needed, such as MD5 (), this function is required to use MD5 hash algorithms. How to encrypt in MD5? The function encrypted in php is MD5 (), and one of its effect is mixed. A mixed function can convert a variable length information to have a fixed length that is mixed, also known as "information", which is useful because a fixed length string can be used. To check the integrity of the file and verify the digital signature and user identity. The PHP built-in MD5 () mixed function will convert a variable length information to a 128-bit (32 characters) information. An interesting feature of mixing is: can't get the original codes by analyzing the mixed information, because the mixed results is not dependent on the original clear content. Even if only one character in a string is changed, the MD5 mixed algorithm will also calculate two distinct results. Let's first look at the content of the table below and its corresponding results: use MD5 () mixed string
"PHP output: 7996b5E0804042fd531907a4900f190E Note that the length of 32 characters. We change the value of $ INPUT: Using MD5 () to mix a slightly changing string
"" PHP = "Hello, PHP World!"; $ Output = MD5 ($ INPUT); Print "Output: $ OTPUT"; ?>
Result: Check the slight change in the data.
