Geen fout

Toon records

SELECT *, LENGTH( pw_encrypted), LENGTH( pw_hash_encrypted) FROM forum WHERE id = 1;

stdClass Object
(
    [id] => 1
    [username] => Harald
    [password] => Wachtwoord
    [enc_key] => 8AQ9Z6MR2VEV374
    [pw_hash] => $2y$10$N5p2HlltDs2VBtdYUPw44uXLUWUgqeTM2PVI3rGsTqfEeGY.KYmeO
    [pw_encrypted] => 0009E5F2A061696F9F8291E0A5652FC2
    [pw_hash_encrypted] => 0E261CB74A3D806F35F8059A0C9C55428D7E213761D6BEEA22F18CB171431C546847D07F65D09B5F5CF5E4248897B51D4C9AD6104AF7668C4C2B55763397AB21
    [enc_pw_encrypted] => 562D156DBA150EAF0E3329B29E171AC5
    [enc_pw_hash_encrypted] => 4BB867F59B4DB20AE7539EACD0E9150D17FF19F80914CCD390969756C25261191AE90F041B9F9AB8C55F9D6F41446E5BAC294ED11932C84B1286387047C93DBF
    [LENGTH( pw_encrypted)] => 32
    [LENGTH( pw_hash_encrypted)] => 128
)

Toon records NA UPDATE

In plaats van het password kan ook de hash van het wachtwoord worden encrypt.

In werkelijkheid wordt het wachtwoord NIET leesbaar bewaard.

In het geval de database wordt gejat, moet eerst de encrypted hash worden decrypt alvorens de hash zelf kan worden gekraakt.

De $SQL_encrypt_key variable moet op een veilige plek worden bewaard. De meningen verschillen over waar die veilige plek dan wel is.

Het encrypten/decrypten gebeurt door/op de MySQL/MariaDB databaseserver volgens onderstaande link.

https://mariadb.com/kb/en/aes_encrypt/

De toelichting voor het geval dat u ’m gemist heeft.

Download dit PHP bestand

User specific enc_key = BA5RGXNR60KHAHI

$query = "UPDATE forum SET pw_hash = '" . $pw_hash . "', pw_encrypted = HEX( AES_ENCRYPT( password, '" . $SQL_encrypt_key . "' ) ), pw_hash_encrypted = HEX( AES_ENCRYPT( pw_hash, '" . $SQL_encrypt_key . "' ) ) WHERE username <> '';";

UPDATE forum SET pw_hash = "$2y$10$Mn4pK7LvezQpTfr2FvObwu0EjYzUvUoTEoBWTh4YspMQHh5y0HyP.", enc_key = "BA5RGXNR60KHAHI", pw_encrypted = HEX( AES_ENCRYPT( password, "Carthago moet vernietigd worden" ) ), pw_hash_encrypted = HEX( AES_ENCRYPT( pw_hash, "Carthago moet vernietigd worden" ) ), enc_pw_encrypted = HEX( AES_ENCRYPT( password, "BA5RGXNR60KHAHI" ) ), enc_pw_hash_encrypted = HEX( AES_ENCRYPT( pw_hash, "BA5RGXNR60KHAHI" ) ) WHERE id = 1;

Parse encrypted

Form Input With Encryption
Field Value
ID1
UsernameHarald
passwordWachtwoord
hash$2y$10$Mn4pK7LvezQpTfr2FvObwu0EjYzUvUoTEoBWTh4YspMQHh5y0HyP.
enc_keyBA5RGXNR60KHAHI
 
pw_encrypted0009E5F2A061696F9F8291E0A5652FC2
pw_decryptedWachtwoord
pw_hash_encrypted9E7966D1E40E52BD38C00CB54AEDB6DE2F6770408B45B241A3E30536955E2E6B73E9BAEAF917A939754252A9826A2D0FF8AFFE08405B37030EA3DFA79D1A6B23
pw_hash_decrypted$2y$10$Mn4pK7LvezQpTfr2FvObwu0EjYzUvUoTEoBWTh4YspMQHh5y0HyP.
 
password is Valid
 
enc_keyBA5RGXNR60KHAHI
enc_pw_encrypted846023D85A5FFC6419BF7A0209DE6DA5
enc_pw_hash_encrypted5F9B27722A102A9EA949058D0E53F2694B3811D9AEC1DE7FF93E5837E2F8D055D9592BE39157537AE7D4EFCD6B68CFEA00D8F34972181F9D62D1681FF116985D
enc_pw_decryptedWachtwoord
enc_pw_hash_decrypted$2y$10$Mn4pK7LvezQpTfr2FvObwu0EjYzUvUoTEoBWTh4YspMQHh5y0HyP.
 
password is Valid