Encrypten en Decrypten van een wachtwoord en wachtwoordhash

Toon records

SELECT *, LENGTH( pw_encrypted), LENGTH( pw_hash_encrypted) FROM forum WHERE id = 1;

stdClass Object
(
    [id] => 1
    [username] => Harald
    [password] => Wachtwoord
    [pw_hash] => $2y$10$fIoh7EvwAAiIBQH6sjBWIeN9KZbRANpa77xFREXm7ZYzKOysJRiKa
    [pw_encrypted] => 87E18F70A7E21A15040644BCB1FE312A
    [pw_hash_encrypted] => 520FF9CC757091A91A4DACF2608C714DA0ADFA5D0C9E1EAE1F6D422FCF7DAB091C85F8B9C1412EA3C69B3A2C16B28ADC7953A68D8A39DFD1BABCFCEF0052B9D1
    [LENGTH( pw_encrypted)] => 32
    [LENGTH( pw_hash_encrypted)] => 128
)

Toon records NA UPDATE

In plaats van het password kan ook de hash van het wachtwoord worden encrypt.

In werkelijkheid wordt het wachtwoord NIET leesbaar bewaard.

In het geval de database wordt gejat, moet eerst de encrypted hash worden decrypt alvorens de hash zelf kan worden gekraakt.

De $SQL_encrypt_key variable moet op een veilige plek worden bewaard. De meningen verschillen over waar die veilige plek dan wel is.

➠ https://mariadb.com/kb/en/aes_encrypt/

➠ De toelichting voor het geval dat u ’m gemist heeft.

➠ Download deze PHP bestanden

$query = "UPDATE forum SET pw_hash = '" . $pw_hash . "', pw_encrypted = HEX( AES_ENCRYPT( password, '" . $SQL_encrypt_key . "' ) ), pw_hash_encrypted = HEX( AES_ENCRYPT( pw_hash, '" . $SQL_encrypt_key . "' ) ) WHERE id = 1;";

UPDATE forum SET pw_hash = "$2y$10$sS3Sfkr8D1h5xR6P5A7RmucqHL420yvTKWoqwadbMMO63G0SKosia", pw_encrypted = HEX( AES_ENCRYPT( password, "Carthago Delenda Est" ) ), pw_hash_encrypted = HEX( AES_ENCRYPT( pw_hash, "Carthago Delenda Est" ) ) WHERE id = 1;

Parse encrypted

SELECT id, username, password, pw_hash, pw_encrypted, pw_hash_encrypted, AES_DECRYPT( UNHEX( pw_encrypted ), "Carthago Delenda Est" ) AS pw_decrypted, AES_DECRYPT( UNHEX( pw_hash_encrypted ), "Carthago Delenda Est" ) AS pw_hash_decrypted FROM forum WHERE id = 1;

ID	1
Username	Harald
password	Wachtwoord
hash	$2y$10$sS3Sfkr8D1h5xR6P5A7RmucqHL420yvTKWoqwadbMMO63G0SKosia

pw_encrypted	87E18F70A7E21A15040644BCB1FE312A
pw_decrypted	Wachtwoord
pw_hash_encrypted	BA81BCDC0B47E256234734DD3DAD9EA0AC6B42E6D340F18A835CF9F17284644E5EAC05BF6B04AAE8BDE1DDE13572AE57868BFFFC53ED84AFF64073E7046A4735
pw_hash_decrypted	$2y$10$sS3Sfkr8D1h5xR6P5A7RmucqHL420yvTKWoqwadbMMO63G0SKosia

password is	Valid