Perfect way to encrypt & decrypt passwords and files with PHP?
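I have done a lot of research on this topic, but unfortunately I have not found a perfect way to encrypt and decrypt files in PHP. What I mean is that I want to find some way to encrypt and decrypt my project without worrying about crackers knowing my algorithm. If an algorithm needs to be kept secret and hidden, it cannot solve my problem, because once the logic is shared anywhere, or they break into my server and get the source files, the data can be decrypted with the same decryption algorithm. I previously found several great posts on StackOverflow, but they still do not answer my question.

From what I concluded through reading, the best way in the world to encrypt passwords is Blowfish encryption. It is a one-way hashing algorithm with 1000 iterations, which makes it take 7 years for a cracker to decrypt using a GPU of the same specification.

Obviously, this makes the one-way hash impossible to decrypt.

The best way to encrypt and decrypt passwords in PHP, as cited by this question. According to references I found online, sha1 and md5 are both broken algorithms, even if we change the algorithm from to. Doesn't that only increase the resistance to decryption, while it can still be cracked and is just a matter of time?

I am considering using our server's processor/hard disk GUID to generate the salt and encrypt the password.

This is still a somewhat silly way, because once a cracker gains access to the server they can use PHP to echo the GUID and decrypt. Or, if it works, my website will be in trouble a few years later. The reason is that hard disks and processors never last. When my processor or hard disk dies, that is when my website goes down and loses all credentials.

Update

I found a question about Blowfish decryption in PHP. Does it solve the problem of finding a secure way to encrypt that is hard for others to decrypt?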
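Can anyone suggest how I can overcome this problem? Thanks.

Keep in mind that in order to crack a password, a hacker must first have access to the encrypted password. To do that, they have to compromise the server's security, which is impossible if the site is coded correctly (proper escaping or prepared statements).

One of the strongest yet simplest forms of encryption is XOR, but it depends entirely on the key. If the key is the same length as the encoded text, then it is completely unbreakable without that key. Even a key half the length of the text is extremely unlikely to be broken.

Ultimately, though, any method you choose is protected by the FTP/SSH/whatever password that allows you to access the server's files. If your own password is compromised, a hacker can see everything.

After doing some research into PHP, especially its random number generation, the only way to do secure encryption with PHP is to use the OpenSSL wrapper. The creators of mcrypt in particular are a bunch of idiots; just look at their example of how not to perform cryptography: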
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$key = "This is a very secret key";
$text = "Meet me at 11 o'clock behind the monument.";
echo strlen($text) . "\n";
$crypttext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_ECB, $iv);
echo strlen($crypttext) . "\n";
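Note that by default MCRYPT_RAND is not seeded well. Furthermore, there are at least 5 mistakes in the above code alone, and they cannot fix them.

[EDIT] See the example below. Note that this sample is not very secure either (as explained above). Furthermore, normally you should not encrypt passwords.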
# the key should be random binary, use scrypt, bcrypt or PBKDF2 to convert a string into a key
# key is specified using hexadecimals
$key = pack('H*', "bcb04b7e103a0cd8b54763051cef08bc55abe029fdebae5e1d417e2ffb2a00a3");
$key_size = strlen($key);
echo "Key size (in bits): " . $key_size * 8 . "\n";
$plaintext = "This string was AES-256 / CBC / ZeroBytePadding encrypted.";
echo "Plain text: " . $plaintext . "\n";
$ciphertext_base64 = encryptText($key, $plaintext);
echo $ciphertext_base64 . "\n";
function encryptText(string $key, string $plaintext) {
# --- ENCRYPTION ---
# show key size use either 16, 24 or 32 byte keys for AES-128, 192 and 256 respectively
$key_size = strlen($key);
# create a random IV to use with CBC encoding
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
# use an explicit encoding for the plain text
$plaintext_utf8 = utf8_encode($plaintext);
# creates a cipher text compatible with AES (Rijndael block size = 128) to keep the text confidential
# only suitable for encoded input that never ends with value 00h (because of default zero padding)
$ciphertext = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $plaintext_utf8, MCRYPT_MODE_CBC, $iv);
# prepend the IV for it to be available for decryption
$ciphertext = $iv . $ciphertext;
# encode the resulting cipher text so it can be represented by a string
$ciphertext_base64 = base64_encode($ciphertext);
return $ciphertext_base64;
}
# === WARNING ===
# Resulting cipher text has no integrity or authenticity added
# and is not protected against padding oracle attacks.
# --- DECRYPTION ---
$ciphertext_dec = base64_decode($ciphertext_base64);
# retrieves the IV, iv_size should be created using mcrypt_get_iv_size()
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
$iv_dec = substr($ciphertext_dec, 0, $iv_size);
# retrieves the cipher text (everything except the $iv_size in the front)
$ciphertext_dec = substr($ciphertext_dec, $iv_size);
# may remove 00h valued characters from end of plain text
$plaintext_utf8_dec = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $ciphertext_dec, MCRYPT_MODE_CBC, $iv_dec);
echo $plaintext_utf8_dec . "\n";
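Please read this well-documented article, which is intended for PHP developers who want a password encryption routine that is reversible.

Even though the class is intended for password encryption, you can use it to encrypt/decrypt any text.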
function encryption_class() {
$this->errors = array();
// Each of these two strings must contain the same characters, but in a different order.
// Use only printable characters from the ASCII table.
// Do not use single quote, double quote or backslash as these have special meanings in PHP.
// Each character can only appear once in each string.
$this->scramble1 = '! #$%&()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_`abcdefghijklmnopqrstuvwxyz{|}~';
$this->scramble2 = 'f^jAE]okIOzU[2&q1{3`h5w_794p@6s8?BgP>dFV=m D<TcS%Ze|r:lGK/uCy.Jx)HiQ!#$~(;Lt-R}Ma,NvW+Ynb*0X';
if (strlen($this->scramble1) <> strlen($this->scramble2)) {
trigger_error('** SCRAMBLE1 is not same length as SCRAMBLE2 **', E_USER_ERROR);
} // if
$this->adj = 1.75; // this value is added to the rolling fudgefactors
$this->mod = 3; // if divisible by this the adjustment is made negative
}
Update:
$crypt = new encryption_class();
$crypt->setAdjustment(1.75); // 1st adjustment value (optional)
$crypt->setModulus(3); // 2nd adjustment value (optional)
/**
*
* @param string $key - Your encryption key
* @param string $sourceText - The source text to be encrypted
* @param integer $encLen - positive integer indicating the minimum length of encrypted text
* @return string - encrypted text
*/
$encrypt_result = $crypt->encrypt($key, $sourceText, $encLen);
/**
*
* @param string $key - Your encryption key (same used for encryption)
* @param string $encrypt_result - The text to be decrypted
* @return string - decrypted text
*/
$decrypt_result = $crypt->decrypt($key, $encrypt_result);
The class above is not intended for encrypting files, but you can
//class for encrypt/decrypt routines
require 'class.encryption.php';
//configuring your security levels
$key = 'This is my secret key; with symbols (@$^*&<?>/!#_+), cool eh?!!! :)';
$adjustment = 1.75;
$modulus = 2;
//customizing
$sourceFileName = 'source-image.png';
$destFileName = 'dest-image.png';
$minSpecifiedLength = 512;
//base64 encoding file contents, to get all characters in our range
//binary too!!!
$sourceText = base64_encode(file_get_contents($sourceFileName));
$crypt = new encryption_class();
$crypt->setAdjustment($adjustment); //optional
$crypt->setModulus($modulus); //optional
//encrypted text
$encrypt_result = $crypt->encrypt($key, $sourceText, $minSpecifiedLength);
//receive initial file contents after decryption
$decrypt_result = base64_decode($crypt->decrypt($key, $encrypt_result));
//save as new file!!!
file_put_contents($destFileName, $decrypt_result);
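So far, the best way I know of to store passwords is to use a salted hash like the one used in Joomla. You can also add extra keys to the md5 hash along with the traditional base64.

Joomla uses salted md5 passwords. Take the hashed password you provided: 30590cccd0c7fd813ffc724591aea603:WDmIt53GwY2X7TvMqDXaMWJ1mrdZ1sKb

If your password is "password", then: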
md5('passwordWDmIt53GwY2X7TvMqDXaMWJ1mrdZ1sKb')=30590cccd0c7fd813ffc724591aea603
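So, take your password. Generate a random 32-character string. Compute the md5 of the password concatenated with the random string. Store the md5 result plus a : plus the random 32-character string in the database.

Your question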
function the_awesomest_hash($password)
{
$salt1 = "awesomesalt!";
$password = $salt1 . $password;
for($i = 0; $i < 10000; $i++)
{
$password = hash('sha512', $password);
}
// Some time has passed, and you have added to your hash function
$salt2 = "niftysalt!";
$password = $salt2 . $password;
for($i = 0; $i < 10000; $i++)
{
$password = hash('futuresuperhash1024', $password);
}
return $password;
}
function update_hash($password)
{
// This is the last part of your the_awesomest_hash() function
$salt2 = "niftysalt!";
$password = $salt2 . $password;
for($i = 0; $i < 10000; $i++)
{
$password = hash('futuresuperhash1024', $password);
}
return $password;
}
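The Joomla-style md5:salt records and the update_hash() idea above both raise the question of how to move stored passwords to a stronger scheme. As an added example (not from any of the answers), this sketch verifies a legacy record in constant time and replaces it with a password_hash() value at the next successful login, rather than wrapping the old hash; verifyLegacy(), verifyAndUpgrade() and the in-memory $users array are hypothetical.

```php
<?php
// Legacy Joomla-style record: md5(password . salt) . ':' . salt
function verifyLegacy(string $password, string $stored): bool
{
    $parts = explode(':', $stored, 2);
    if (count($parts) !== 2) {
        return false;
    }
    [$hash, $salt] = $parts;
    return hash_equals($hash, md5($password . $salt));   // constant-time compare
}

// Checks a login and upgrades the stored record when the password is correct.
function verifyAndUpgrade(array &$users, string $name, string $password): bool
{
    $stored = $users[$name] ?? null;
    if ($stored === null) {
        return false;
    }
    // password_hash() output starts with '$'; the legacy hex:salt form never does.
    $isLegacy = strncmp($stored, '$', 1) !== 0;
    $ok = $isLegacy
        ? verifyLegacy($password, $stored)
        : password_verify($password, $stored);

    // Only at a successful login do we hold the plaintext needed to re-hash.
    if ($ok && ($isLegacy || password_needs_rehash($stored, PASSWORD_DEFAULT))) {
        $users[$name] = password_hash($password, PASSWORD_DEFAULT);
    }
    return $ok;
}

// Constructed sample data: the salt is the one quoted in the Joomla answer.
$salt  = 'WDmIt53GwY2X7TvMqDXaMWJ1mrdZ1sKb';
$users = ['alice' => md5('password' . $salt) . ':' . $salt];

var_dump(verifyAndUpgrade($users, 'alice', 'wrong'));      // record stays legacy
var_dump(verifyAndUpgrade($users, 'alice', 'password'));   // record is upgraded
echo $users['alice'], "\n";                                // now a password_hash() string
var_dump(verifyAndUpgrade($users, 'alice', 'password'));   // verified via password_verify()
```

password_hash() generates a per-password random salt and stores the algorithm and cost inside the hash string, so later cost increases are picked up by password_needs_rehash() without changing the schema.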