Welcome Guest, Not a member yet? Register   Sign In
What are the strongest encryption/hashing functions?

Using CI 3.0 RC2 Encryption library

- What's the strongest functionality to use for string hashing? Can you provide a working example?
- What's the strongest functionality to use for string encryption/decryption? Can you provide a working example?

Hashing has nothing to do with encryption and CI_Encryption doesn't provide hashing. But to answer your question: bcrypt, scrypt and pbkdf2 are today's standards for password hashing. The first one is the most accessible and popular in the PHP world, just use the password hashing functions.

There's no "strongest" encryption, but AES-128 is a the de-facto standard everywhere (except maybe in Japan). It's also the default algorithm in CI_Encryption, so all you need is to use a strong key and encrypt()/decrypt() away.

(This post was last modified: 03-07-2015, 05:42 AM by geekita.)

Thanks for your clarification. Here comes two use cases about hashing and encryption/decryption.

- Hash and match a password using PHP functions
PHP Code:
/* 1. "Register a new password" use case */
$submitted_password $this->input->post('password');
$password_hash password_hash($submitted_passwordPASSWORD_DEFAULT);
// Save $password_hash somewhere (database, file, etc)

/* 2. "Verify if previously saved password matches the submitted one" use case */
$submitted_password $this->input->post('password');
$password_hash = ... // Retrieve previously saved $password_hash
$password_matches password_verify($submitted_password$password_hash);

if (
$password_matches) {
// Access granted

- Encrypt and decrypt a string using CI Encryption library
PHP Code:

$plain_text 'This is a plain-text message!';
$ciphertext $this->encryption->encrypt($plain_text);

// Outputs: This is a plain-text message!
echo $this->encryption->decrypt($ciphertext); 

The only thing that is not so clear to me is the length of encryption key which has to be exactly or at least of 16 bytes (for AES-128 cipher).

It must be exactly 16 bytes.

RFC2898DeriveBytes Class

Using RFC2898DeriveBytes with a non trivial iteration count should be better than using a straight hash function for authentication purposes. The Rfc2898DeriveBytes class can be used to produce a derived key from a base key and other parameters. In a password-based key derivation function, the base key is a password and the other parameters are a salt value and an iteration count. More about.......Encryption and Decryption


Theme © iAndrew 2016 - Forum software by © MyBB