Example of an encrypted password hash storage in PHP
tests
LICENSE
README.md
example-encrypthash.php
example-hash.php
functions-encrypthash.php


Hash and encrypt, PHP examples

Example of encrypted password hash storage in PHP. It uses bcrypt for hashing and AES-128 in CBC mode for encryption, with the defuse/php-encryption package handling the crypto operations. Do not encrypt the passwords themselves; encrypt only the password hashes, for extra security.

Usage

  • Install defuse/php-encryption via Composer first, or at least copy the Crypto.php file to your project
  • Don't write your own encryption functions

Key

Generate a 128-bit key (as a PHP string of hex escape characters) using either

  • echo preg_replace('/(..)/', '\x$1', bin2hex(openssl_random_pseudo_bytes(16)));
  • or by running openssl rand -hex 16 | sed s/\\\(..\\\)/\\\\x\\1/g in bash

The key should be stored in the following format: "\xf3\x49\xf9\x4a\x0a\xb2 ...". Do NOT encode the $key with bin2hex(), base64_encode() or similar functions; they may leak the key to the attacker through side channels.
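
The hash-then-encrypt flow described above, as an added example (not the repository's own code). It assumes the 1.x Crypto.php of defuse/php-encryption, with static Crypto::Encrypt() and Crypto::Decrypt() taking a raw 16-byte key; the function names and the sample key are constructed for illustration.

```php
<?php
// Added example, not the repository's code.
// Assumption: Crypto.php (defuse/php-encryption 1.x) sits next to this script.
require_once __DIR__ . '/Crypto.php';

// Constructed sample key, for illustration only. Generate your own as described
// above and keep it out of the database (config file or environment).
$key = "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff";

// Hash the password with bcrypt, then encrypt only the resulting hash.
// The return value is raw binary: store it in a BLOB/VARBINARY column.
function encrypted_hash($password, $key)
{
    $hash = password_hash($password, PASSWORD_BCRYPT, array('cost' => 12));
    if ($hash === false) {
        throw new RuntimeException('bcrypt hashing failed');
    }
    return Crypto::Encrypt($hash, $key);
}

// Decrypt the stored value back to the bcrypt hash, then verify the password.
function verify_password($password, $stored, $key)
{
    try {
        $hash = Crypto::Decrypt($stored, $key);
    } catch (Exception $e) {
        // The library reports a failed integrity check (tampered ciphertext,
        // wrong key) or an unusable environment by throwing. Fail closed.
        return false;
    }
    return password_verify($password, $hash);
}

// A database dump without $key yields only ciphertext, so the bcrypt hashes
// cannot be attacked offline until the key is also obtained.
$stored = encrypted_hash('correct horse battery staple', $key);
var_dump(verify_password('correct horse battery staple', $stored, $key));
var_dump(verify_password('wrong guess', $stored, $key));

// A modified stored value must be rejected, not decrypted to garbage.
$tampered = $stored;
$last = strlen($tampered) - 1;
$tampered[$last] = chr(ord($tampered[$last]) ^ 1);
var_dump(verify_password('correct horse battery staple', $tampered, $key));
```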

Files

Tests

Simple tests are included. Run them with php tests/hash.php and php tests/encrypthash.php.