Problem While Encrypting

[eluser]Md. Iftekharul Islam Sakib[/eluser]
I am encrypting the userid and password before saving to database. When user wants to login, the user give his/her login id and password. But now if I encrypt the given userid to find out the savedpassword in databse it doesn't work.

This is because in codeigniter encryption of a same value doesn't return same value

Code:

$msg = 'My secret message';

$encrypted_string1 = $this->encrypt->encode($msg);
$encrypted_string2 = $this->encrypt->encode($msg);

Now, if i first find out all the username and password first & then decode them to find the correct password it will be very unefficient.

How To cope up with this problem.

Thank You in advance for help.

[eluser]nagata[/eluser]
Why not use Hash's? like sha1 and Md5?
example: sha1(sha1(sha1($password).$salt).$userid)
Its really safe as its user specific (User Id) and has Unique salt (set in config file...)
Also if you ask, I think encode isnt the best idea to do if its about password as that would mean
anyone has a small chance of breaking the encryption and getting password, which would mean
that user has lost his password cause YoU..... would be right, would it?

[eluser]Md. Iftekharul Islam Sakib[/eluser]
[quote author="nagata" date="1339669986"]
Thank You For Reply. I am using SHA1 for password encryption. But problem occurs due to encrypted user id.

[eluser]nagata[/eluser]
could you post the code you are using for it?
so I and other can see where is the problem ourself.

[eluser]Md. Iftekharul Islam Sakib[/eluser]

Code:

$msg = 'My secret message';

$encrypted_string1 = $this->encrypt->encode($msg);
$encrypted_string2 = $this->encrypt->encode($msg);  

if($encrypted_string1==$encrypted_string2)
echo("They Are Equal");
else
echo("They Are Not Equal");

The Answer of The above code should be They Are Equal. But result comes in codeigniter They Are Not Equal

[eluser]InsiteFX[/eluser]
Add this to your ./application/helpers/your_helper.php

Code:

// ------------------------------------------------------------------------

/**
* gen_hash()
*
* Usage:   gen_hash($str_1); or gen_hash($str_1, $str_2); etc;
*
* Hashes the password with the CI config item 32-bit encryption key
* using SHA-512. I place this in my user_model.
*
* You can also pass in the password field to
* this method to generate the encryption key then return the value.
*
* NOTE: The Database password field needs to be varchar(128)
* Can also be used for generating hash for other values.
* You can also pass a second parameter to this method if needed.
*
* @access public
* @param string - $str_1 - default value
* @param string - $str_2 - optional value
* @retrun string - the 128 char encrypted string
*/
if ( ! function_exists('gen_hash'))
{
function gen_hash($str_1, $str_2 = '')
{
  $_ci = get_instance();
  return hash('SHA512', $str_1 . $_ci->config->item('encryption_key') . $str_2);
}
}

You cand change the SHA512 in the hash method to any of the hash values, but you will also need to change the size of the database field.