【发布时间】:2015-04-08 16:11:39
【问题描述】:
所以我有一个表,它使用 MCRYPT_RIJNDAEL_128 加密在 varbinary 下加密了用户名和密码。我可以很好地存储加密的详细信息,但我在解密它们时遇到了问题。我在用户注册时存储用户名、密码和 IV。
$query = "INSERT INTO users ( username, password ) VALUES ( :user, :pass) ";
$encrypt_user = $_POST['username'];
$encrypt_pass = $_POST['password'];
$encrypted_user = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $secret_key, $encrypt_user, MCRYPT_MODE_CBC, $iv);
$encrypted_pass = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $secret_key, $encrypt_pass, MCRYPT_MODE_CBC, $iv);
$encrypted_cardnumber = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $secret_key,
$query_params = array(
':user' => $encrypted_user,
':pass' => $encrypted_pass,
);
try {
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch (PDOException $ex) {
$response["success"] = 0;
}
这一切都很好,问题是我什么时候想解密。如何获取登录用户的 IV?我曾尝试在用户注册时将 iv 设置为会话变量,但我知道这仅在用户首次注册然后登录时才有效。
$query = "SELECT id, username FROM users WHERE username = :username";
$username = $_POST['username'];
$password = $_POST['password'];
//encrypting the username and password to compare to the ones stored in the databaase
$encrypted_username = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $secret_key, $username, MCRYPT_MODE_CBC, $iv);
$encrypted_password = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $secret_key, $password, MCRYPT_MODE_CBC, $iv);
【问题讨论】:
标签: php encryption passwords mcrypt