What is the difference between encryption and hashing?
Point 1: Encryption is reversible whereas hashing is irreversible. Hashing can be cracked using rainbow tables and collision attacks but is not reversible. Point 2: Encryption ensures confidentiality whereas hashing ensures Integrity.
Is it possible that MD5 Hashing (encryption, decryption) work in PHP?
No because md5 is a cryptographic hash and not a way of encrypting data.It is more like a fingerprint. You can check if two chunks of data are the same if they have the same hash value, but it is not possible to reconstruct the chunk of data based on the hash value, just like it is not possible to reconstruct a human based only on his fingerprint.Aside from that, md5 is thoroughly broken and should not be used in any security context at all! If you want to use it to check for file duplicates on your own disk, thats fine, but anywhere you might encounter malicious data you should look into hashing algorithms that are not yet broken. (SHA1 is also broken by the way)
What is the difference between hashing and encryption?
Thanks A2A,Let’s take example of encryptionfor a 256 bit RSA encryption:- These are one of the best and safest example of encryption, also they are quite common. The websites which we visit like google, facebook use this kind of encryption.The encryption is a cryptographic technique where the data such as UserData are coded in such a way, that it becomes very difficult to get back the data from the code.As told earlier RSA Algorithm, works with 2 keys, namely public keys and private keys.Those keys are combination of 256 digits of random number and letters.Public keys are provided to the client, but the private keys are kept secret. To code a data, the browser just encrypts the data with the public keys. Then those coded data are then sent to the server. The server with the help of the public keys and private keys, decrypts the data and gets back the information.Note that it is impossible to get back the data without private keys in RSA Algorithm.Whereashashing is a process of converting a data into a form which has no relation with the data. Each combination of numbers or letters in hash is uniquely formed by unique data.The data can’t be obtained back from hash.For example:- the infro-numric hash is the one of the basic hash version in which the sum of digits is subtracted from the number to get the hash.This is one of the basic hash and is known for less security.This works as follows:-The machine asks for the number from user. For example :- 2245Then the sum of digits calculated. like here 2 + 2 + 4 + 5 = 13Now the sum of digits is subtracted. Here 2245 - 13 = 2232.Now, the hash obtained can be written as follows:-HASH INFRO-NUMERIC(2245) = 2232Note that the hash obtained 2232 can’t be reversed to get the actual number.Popular examples of hash are MD5, SHA1, etc. they have quite better algorithms and are used to store data in various forms.Note:- to use hash function is php is high unrecommeneded. Use crypt() function instead.
Php encode and decode or encryption and decryption methods?
Read up on the mcrypt functions in PHP. You'll need to make sure that mcrypt is compiled into the PHP distribution you're using: http://www.php.net/manual/en/function.mc... Basically you can do stuff like this: // The "iv" stuff is for the "initialization vector." See the page for more details. $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB); $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND); $key = "This is a very secret key"; $text = "Meet me at 11 o'clock behind the monument."; $secrettext = base64_encode(mcrypt_encrypt(MCRYPT_RIJN... $key, $text, MCRYPT_MODE_ECB, $iv)); // base64 makes sure there are no special characters! Now $secrettext is your code! To decode, you just do it backwards: // The "iv" stuff is for the "initialization vector." See the page for more details. $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB); $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND); $key = "This is a very secret key"; $plaintext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($text), MCRYPT_MODE_ECB, $iv)); And there you have it! You can do all sorts of crazy cryptographic functions using this!
In PHP, what would be the best way to migrate MD5 encrypted data to SHA?
If by migrate MD5 to SHA you mean that there is some data x, you know the MD5 hash of that data y = MD5(x) but not the data x and would like to compute the SHA1 hash z = SHA1(x), then the answer is that it is impossible. You would need to know the original data x in order to compute its SHA1 hash z. That is because there is not a 1-to-1 mapping between the SHA1 hash of a piece of data and its MD5.Two equally good approaches you could try are:Use the sha1 hash of the md5 hash of the password as your hash, or alternatively as others have suggested,Keep a flag indicating whether a user's hash is still MD5 or has transitioned to SHA1 and whenever a user still on MD5 logs in, once you have confirmed that their password matches the MD5 hash, convert it to SHA1 and clear the flag.