+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forumdisplay.php?fid=5)
+--- Forum: Best Practices (https://forum.codeigniter.com/forumdisplay.php?fid=12)
+--- Thread: What are the strongest encryption/hashing functions? (/showthread.php?tid=1401)
What are the strongest encryption/hashing functions? - geekita - 03-06-2015
Using CI 3.0 RC2 Encryption library
- What's the strongest functionality to use for string hashing? Can you provide a working example?
- What's the strongest functionality to use for string encryption/decryption? Can you provide a working example?
RE: What are the strongest encryption/hashing functions? - Narf - 03-06-2015
Hashing has nothing to do with encryption and CI_Encryption doesn't provide hashing. But to answer your question: bcrypt, scrypt and pbkdf2 are today's standards for password hashing. The first one is the most accessible and popular in the PHP world, just use the password hashing functions.
There's no "strongest" encryption, but AES-128 is a the de-facto standard everywhere (except maybe in Japan). It's also the default algorithm in CI_Encryption, so all you need is to use a strong key and encrypt()/decrypt() away.
RE: What are the strongest encryption/hashing functions? - geekita - 03-07-2015
Thanks for your clarification. Here comes two use cases about hashing and encryption/decryption.
- Hash and match a password using PHP functions
PHP Code:
/* 1. "Register a new password" use case */
$submitted_password = $this->input->post('password');
$password_hash = password_hash($submitted_password, PASSWORD_DEFAULT);
// Save $password_hash somewhere (database, file, etc)
/* 2. "Verify if previously saved password matches the submitted one" use case */
$submitted_password = $this->input->post('password');
$password_hash = ... // Retrieve previously saved $password_hash
$password_matches = password_verify($submitted_password, $password_hash);
if ($password_matches) {
// Access granted
}
- Encrypt and decrypt a string using CI Encryption library
PHP Code:
$this->load->library('encryption');
$plain_text = 'This is a plain-text message!';
$ciphertext = $this->encryption->encrypt($plain_text);
// Outputs: This is a plain-text message!
echo $this->encryption->decrypt($ciphertext);
The only thing that is not so clear to me is the length of encryption key which has to be exactly or at least of 16 bytes (for AES-128 cipher).
RE: What are the strongest encryption/hashing functions? - Narf - 03-07-2015
It must be exactly 16 bytes.
RE: What are the strongest encryption/hashing functions? - darrenbang - 08-13-2015
RFC2898DeriveBytes Class
Using RFC2898DeriveBytes with a non trivial iteration count should be better than using a straight hash function for authentication purposes. The Rfc2898DeriveBytes class can be used to produce a derived key from a base key and other parameters. In a password-based key derivation function, the base key is a password and the other parameters are a salt value and an iteration count. More about.......Encryption and Decryption
Bang