Asked 8 years ago
22 Dec 2016
Views 1517
web-api

web-api posted

how do apply Blowfish (cipher) in php

its about secure password with salt . i head about blowfish cipher . how to apply blowfish cipher in php . i want to use to generate more complicated hash of password to store at database so no one can crack my user's password any how

so i choose Blowfish (cipher) , so if it any other good suggestion also advisable
shyam

shyam
answered Nov 30 '-1 00:00

use to crypt to use Blowfish (cipher) , its one way cryptography . but too weak without salt for securing password.



echo crypt("password is not more secure now",CRYPT_BLOWFISH );


other are

echo crypt("i am not secure",CRYPT_STD_DES );// Standard DES-based hash 
echo "<br/>";
echo crypt("i am not secure",CRYPT_EXT_DES );// Extended DES-based hash
echo "<br/>";

echo crypt("i am not secure",CRYPT_MD5);//MD5 hashing with a twelve character salt starting with $1$
echo "<br/>";


Mitul Dabhi

Mitul Dabhi
answered Nov 30 '-1 00:00

use mcrypt_encrypt function to use blowfish cipher .

$key = pack('H*', "bcb04b7e103a0cd8b54763051cef08bc55abe029fdebae5e1d417e2ffb2a00a3");
 $plaintext = "This string was AES-256 / CBC / ZeroBytePadding encrypted.";
 $iv_size = mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_CBC);
 $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
  echo $ciphertext = mcrypt_encrypt(MCRYPT_BLOWFISH , $key,
                                 $plaintext, MCRYPT_MODE_CBC,$iv);

Twofish cipher , Threefish cipher , MacGuffin cipher , Advanced Encryption Standard AES cipher , many are there.

but i dont recommend this use of blowfish to hash the password . use md5 or password_hash instead .

md5

$passwordhash=md5("security");


password_hash

 $iv_size = mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_CBC);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND); 
  $options = array('cost' => 11, 'salt' => $iv  );
  password_hash("security", PASSWORD_BCRYPT, $options)."\n";


ravi

ravi
answered Nov 30 '-1 00:00

blowfish implementation in php


 function gensalt_blowfish($input)
	{
		$itoa64 = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
			$iteration_count_log2 = 8;
		$output = '$2a$';
		$output .= chr(ord('0') + $iteration_count_log2 / 10);
		$output .= chr(ord('0') + $iteration_count_log2 % 10);
		$output .= '$';

		$i = 0;
		do {
			$c1 = ord($input[$i++]);
			$output .= $itoa64[$c1 >> 2];
			$c1 = ($c1 & 0x03) << 4;
			if ($i >= 16) {
				$output .= $itoa64[$c1];
				break;
			}

			$c2 = ord($input[$i++]);
			$c1 |= $c2 >> 4;
			$output .= $itoa64[$c1];
			$c1 = ($c2 & 0x0f) << 2;

			$c2 = ord($input[$i++]);
			$c1 |= $c2 >> 6;
			$output .= $itoa64[$c1];
			$output .= $itoa64[$c2 & 0x3f];
		} while (1);

		return $output;
	}
	echo gensalt_blowfish('testing');
Post Answer