Reversable Encryption OR Storing Passwords online

[PoorDoggie]

I need to store people's passwords online in a mysql database. The point is that they need to be able to be "got back".

ie: user x logs in and then it gets another of his passwords that he gave us, from a mysql database.

obviouslly to bring up the the second password it means that I can't store it in md5 format because that is irreversible (i think).

Is there any way of making those passwords secure with the option of getting them back?

Thanks
Tom

 

[Shorty]

Simple answer: It's impossible to "securely" encrypt a password.

Your best bet is doing lots of string manipulation algorithms, and then doing the reverse when looking to get them back. Discover an efficient and reversible way to store passwords securely and they'll give you a Nobel prize.

 

[Xonium]

What are those second passwords used for?

 

[Kate]

Tom,

I will give you my suggestion: use non-reversible password hash (with md5 or sha1), if user forget their password, instead of sending a reminder to their E-mail assign a new one.
It's quite easy: you generate a random string, make a hash of it, update the record and send the random string to their E-mail as new password. (I assume you site has a way for users to change their password to something else if they wish).

 

[PoorDoggie]

What are those second passwords used for?

I cannot tell you, but for instance, lets say that Ebay had an api which meant that I could get a user's information off their servers and ebid also have a site which could do that too. I would make a website that would allow users to manage their ebay and ebid accounts in one place. This would require me to store their ebay and ebid usernames and passwords.

I have spoken to my host and they assure me that their servers are highly secured, and are behind firewalls only allowing requests through from MY site, but I just wanted some added piece of mind. I am working on string manipulation techniques though.

Thanks
Tom

 

[nasaboy007]

well i did something like this recently, but its reallly slow and unoptimized cuz i just made it for the idea rather than for optimization.

http://www.namepros.com/programming/182172-encoding-and-decoding.html#post1172402


also, i dont know how u wud determine the "key" string just by the password. unless u count the number of chars in the password and use that number as ur "key" value.

then to decode it, i guess u cud count the number of chars in each and have an algorithm that can determine the number of times something was base64ed (or w/e) and undo it... its a blurry idea, and i dont even know if it can be done, but its worth a try.

 

[abdulmueid]

nasaboy007: That script is quite neat indeed but the problem is that base64 is reversible, very easily so if someone gets access to the database with base64 encoded passwords, it will be easy to decode them.

PoorDoggie: If I were you and I wanted some serious security with the passwords, I would let the users have numerical passwords only and manipulate them using a custom algorithm. The algorithm would be made up of reversible mathematical functions i.e. sin/cos, exponential formulas, etc in an ordered sequence which only you/coder knows. The final result would then be saved in the database.

And really, If I had the time to read-up my old textbooks and do some coding, I would've followed the above method myself.

 

[PoorDoggie]

hmm, the problem is that the passwords I am storing are for external websites, and people may not want to have a compeletely numerical password.

Can anyone think of a way of converting a string completely to a numerical value? You could use place in the alphabet (ie: a=1 b=2 ... z=26) but then again, there is no way to distinguish between text and real numbers and parts of text (eg: 26 could be either "z" or "bf")

hmm... any ideas?

Unless anyone comes up with anything better than this, then this will do.

I really would like to try out encrypting, and will get started on a script to try and reversibly encrypt a string.

Tom

well i did something like this recently, but its reallly slow and unoptimized cuz i just made it for the idea rather than for optimization.

http://www.namepros.com/programming/182172-encoding-and-decoding.html#post1172402


also, i dont know how u wud determine the "key" string just by the password. unless u count the number of chars in the password and use that number as ur "key" value.

then to decode it, i guess u cud count the number of chars in each and have an algorithm that can determine the number of times something was base64ed (or w/e) and undo it... its a blurry idea, and i dont even know if it can be done, but its worth a try.

 

[Shorty]

$replacethis[0] = '/a/i';
$withthis[0] = '1.';
	
$replacethis[1] = '/b/i';
$withthis[1] = '2.';

// All the way up to:
$replacethis[25] = '/z/i';
$withthis[25] = '26.';

$encryptedpass = preg_replace($replacethis, $withthis, $password); 

// So if $password contains abz
// $encryptedpass is 1.2.26.

And that's that, to convert back you just do:

$replacethis[0] = '/1./i';
$withthis[0] = 'a';

$replacethis[1] = '/2./i';
$withthis[1] = 'b';

// All the way up to:

$replacethis[25] = '/26./i';
$withthis[25] = 'z';

$originalpass = preg_replace($replacethis, $withthis, $encryptedpass);

Bear in mind you will want to create replacements for non alphanumeric letters too. And the "i" tagged on the end of the $replacethis array means it will replace both a & A, non case sensitive.

Hope that helps a bit.

 

[MrBarby]

Try something like RC4... its pretty secure:
http://www.phpclasses.org/browse/file/14074.html

Also look at the mcrypt function on PHP.net.

As long as the server is 'unhackable' then you're fairly secure, even if the SQL is flakely and has allowed someone to dump the table.

$replacethis[0] = '/a/i';
$withthis[0] = '1.';
	
$replacethis[1] = '/b/i';
$withthis[1] = '2.';

// All the way up to:
$replacethis[25] = '/z/i';
$withthis[25] = '26.';

$encryptedpass = preg_replace($replacethis, $withthis, $password); 

// So if $password contains abz
// $encryptedpass is 1.2.26.

And that's that, to convert back you just do:

$replacethis[0] = '/1./i';
$withthis[0] = 'a';

$replacethis[1] = '/2./i';
$withthis[1] = 'b';

// All the way up to:

$replacethis[25] = '/26./i';
$withthis[25] = 'z';

$originalpass = preg_replace($replacethis, $withthis, $encryptedpass);

Bear in mind you will want to create replacements for non alphanumeric letters too. And the "i" tagged on the end of the $replacethis array means it will replace both a & A, non case sensitive.

Hope that helps a bit.

 

[PoorDoggie]

hey, did have a go! see if anyone can crack this: http://www.6yd.net/encryption/

in fact, I am so confident that no-one can crack it, I am willing to bet ALL my NP$ that no-one can!

(now am off to revise! bye!)

 

[abdulmueid]

PoorDoggie: I am pretty sure that site is using the MCRYPT hash to encode and decode the string. I did little reading on that, it is actually better than base64 in my opinion since you need a "key" to unlock the cipher. Pretty smart stuff.

www.php.net/mcrypt

 

[nasaboy007]

oh yeah mcrypt...

ohhh now i remember y i didnt use that. it was simply for the sake that i didnt wanna install the mcrypt stuff since it didnt come standard.


if u wanna go with the convert-to-number-and-perform-math-algorithm i suggest u convert to binary (or some other base, i just like binary hehe) and then do it. google "php text to binary converter" and the first hit should have the source of their script posted up there. use that as a guideline if u dont noe where to start.

 

[PoorDoggie]

its not using mcrypt - but I will look into it!

 

[Shorty]

The point is, if you use a standard cypher then anybody can use a standard decypher. There isnt much point in it, if someone wants a password thats encrypted rather than hashed, they can easily get it.

 

[Jim_]

Here's an idea: Encrypt/decrypt the passwords with blowfish using a secret key. Just make sure you encrypt the portion of php code where you declare the key using a fancy encoder.

 

[Keral_Patel]

write your own function to encrypt andd decrypt this passwords. Even a simple algo will be very hard to guess for a guy who knows nothing about it. :D

If you want some ready made algos then let me know I have written some for my personal use on my websites.

 

[nasaboy007]

noob question: whats the difference between an encryption and a hash? why is one more secure than the other? is it in the way they are made?

 

[abdulmueid]

nasaboy007: Hash means one way encryption and encryption is, well you know, encryption.

 

[MikeBigg]

How about Alexander Pukall's PC1 algorithm?

http://membres.lycos.fr/pc1/

It is not aimed specifically at passwords, but may do the trick for you.

Sources are there, but not for PHP.

I have put a simple tester program (it is a windows app) up so you can have a play and see what you think. You can get it from:

http://www.upload2go.com/pc1/pc1_tester.zip

Mike

 

[Shorty]

nasaboy007: Hash means one way encryption and encryption is, well you know, encryption.

Haha, well put, but let me elaborate a little.

Hashing is a method of encryption where there isnt a way to decrypt. However, if you get your hands on a hash, you can always "brute force" it. This means basically putting into a program where it checks the hashed string against a giant list. (If you hash the same thing twice it will always have the same hashed result.)

And that is why having dictionary words as a password makes it weak. The first thing a brute forcer will do is check it against a dictionary list for a match, and then move onto number combinations.

Which means if your password is a combination of upper case, numbers, lower case and irregular characters, they would have to be running your password against a list infinitely large, which your average computer would take months or even years to crack.

 

[PoorDoggie]

Ok guys - here is the code, if you wanted to know:

<?php

function encrypt($str,$key){
  for($i = 0; $i < $key; $i++){
    // we want to encrypt each letter as many times as the $key val
    $n = 0;
    $newstr = "";
    while(isset($str{$n})){
      $newstr .= "!".base64_encode($str{$n});
      $n++;
    }
    $str = base64_encode($newstr);
  }
  return $str;
}

function decrypt($str,$key){
  for($i = 0; $i < $key; $i++){
    $str = base64_decode($str);
    $n = 0;
    $newstr = "";
    $bits = explode("!", $str); // we have split the string into seperate letters
    $fullstr = "";
    while(isset($bits[$n])){
      // decode a letter at a time
      $letter = base64_decode($bits[$n]);
      $fullstr .= $letter;
      $n++;
    }
    $str = $fullstr;
  }
  return $str;
}

if(isset($_POST['key']) && isset($_POST['str']) && isset($_POST['mode']) && ($_POST['mode'] == "encrypt" || $_POST['mode'] == "decrypt")){
  // we have vars
  $key = $_POST['key'];
  $str = $_POST['str'];
  $str = str_replace("!","",$str);
  $mode = $_POST['mode'];
  ?>
    <table>
      <tr>
        <td><textarea style="width: 850; height: 400" onFocus="this.select()"><?php if($mode == "encrypt"){ echo encrypt($str,$key); } else { echo decrypt($str,$key); } ?></textarea></td>
      </tr>
    </table>
  <?php
    }
    else{
  ?>
  
    <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" onSubmit="if(key.value>10){alert('Sorry, please keep the value of the key below 5, thanks.');key.value='5'};">
    
      String: <input name="str" /><br />
      KeyVal: <input name="key" /><br />
      Mode:   <select name="mode"><option value="encrypt">Encrypt</option><option value="decrypt">Decrypt</option></select><br />
      Submit: <input type="submit" value="Do it!" />
    
    <form>
  
  <?php
}

?>

storing keys in a seperate database may make it more secure or you could write some algorithm for storing the "key". Key in this case just means how many times you want it encrypted that way.

The only point I would mention is that the longer the string and the higher the "key" the longer the resulting string and therefore will take up more space in the database.

Just a question regarding hashes... - how can they be unreversible? surely that is impossible right?

 

[abdulmueid]

PoorDoggie: Your script is basically base64 on steroids (with keys). Actually it is still possible to reverse it by trying various keys.

MD5 is a irreversible hash. There is no real way to reverse it except use methods like brute-force or dictionary attack which is basically guessing and encrypting different combinations of alphabets and numbers and matching it with the encrypted string until right combination is found.

 

[nasaboy007]

but i dont understand, if the same cleartext input will always have the same hash, there must be SOME function/algorithm that the program is performing in order to get the hash, otherwise it would always be different. therefore, y can't sum1 just figure out this algorithm (example: that md5 uses) and just reverse it?

 

[PoorDoggie]

although potentially reversible, I am sure that that kinda encryption would be good enough for my site. I may look at mcrypt though. I thought my script was quite cool - it takes each letter of a string and base64 encodes each of them. It then keeps doing that with the latest encrypted string as many times as the "key" variable dictates. I think it would be very hard to try and decypher without the algorithm.

what is a hash exactlly? and repeating my question above, how can it be irreversible? surely if it goes one way, it can come back?