Show records

SELECT *, LENGTH( pw_encrypted), LENGTH( pw_hash_encrypted) FROM forum WHERE id = 1;

stdClass Object
(
    [id] => 1
    [username] => Harald
    [password] => Wachtwoord
    [pw_hash] => $2y$10$.CyMGe0Ew7ifqBMy.I5Bq.yJcjOQMzSPn/9mVyTrvsADYBVgNX3bK
    [pw_encrypted] => 87E18F70A7E21A15040644BCB1FE312A
    [pw_hash_encrypted] => 9FF7350CD6E8668F77F9FF1BB5645F5CA048A9F14C90EA62A5CE3150E6505C4FB7050EFF8D55A766996D6F2CF18F9FAFDA727CF6ED8617B5A4983B7304F1C22C
    [LENGTH( pw_encrypted)] => 32
    [LENGTH( pw_hash_encrypted)] => 128
)

Show records AFTER UPDATE

Instead of the password, the hash of the password can also be encrypted.

In reality the password is NOT stored in readable form.

If the database is stolen, the encrypted hash first has to be decrypted before the hash itself can be cracked.

The $SQL_encrypt_key variable must be kept in a safe place. Opinions differ on where that safe place actually is.

https://mariadb.com/kb/en/aes_encrypt/

The explanation, in case you missed it.

Download these PHP files

$query = "UPDATE forum SET pw_hash = '" . $pw_hash . "', pw_encrypted = HEX( AES_ENCRYPT( password, '" . $SQL_encrypt_key . "' ) ), pw_hash_encrypted = HEX( AES_ENCRYPT( pw_hash, '" . $SQL_encrypt_key . "' ) ) WHERE id = 1;";

UPDATE forum SET pw_hash = "$2y$10$DOQZ4T2Q2l9a/Dc4JjdStuJfir9rXDjd42wzeM32xYhn2AvcXRzQi", pw_encrypted = HEX( AES_ENCRYPT( password, "Carthago Delenda Est" ) ), pw_hash_encrypted = HEX( AES_ENCRYPT( pw_hash, "Carthago Delenda Est" ) ) WHERE id = 1;

Parse encrypted

SELECT id, username, password, pw_hash, pw_encrypted, pw_hash_encrypted, AES_DECRYPT( UNHEX( pw_encrypted ), "Carthago Delenda Est" ) AS pw_decrypted, AES_DECRYPT( UNHEX( pw_hash_encrypted ), "Carthago Delenda Est" ) AS pw_hash_decrypted FROM forum WHERE id = 1;

ID: 1
Username: Harald
password: Wachtwoord
hash: $2y$10$DOQZ4T2Q2l9a/Dc4JjdStuJfir9rXDjd42wzeM32xYhn2AvcXRzQi

pw_encrypted: 87E18F70A7E21A15040644BCB1FE312A
pw_decrypted: Wachtwoord
pw_hash_encrypted: A7CC19EF4230DE4983A2FA5A9EDFEDF7F3F59BC85F961D41E78C88B986BCE97CB709E0697A7CD10C775BFFA3F4DDAFB41CA5D1D3A319186D0F8D9FE5328E56AA
pw_hash_decrypted: $2y$10$DOQZ4T2Q2l9a/Dc4JjdStuJfir9rXDjd42wzeM32xYhn2AvcXRzQi
 
password is Valid
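
The store-and-verify flow shown on this page, reproduced in plain PHP as an added example (not one of the page's downloadable PHP files): the bcrypt hash is encrypted before storage and has to be decrypted before `password_verify()` can run. It assumes the server's default `AES_ENCRYPT` behaviour (AES-128 in ECB mode, key string XOR-folded to 16 bytes); the function names are hypothetical.

```php
<?php
// Added example. Assumption: AES_ENCRYPT in its default mode (AES-128-ECB,
// PKCS#7 padding, key XOR-folded to 16 bytes). Function names are hypothetical.

// Fold a key string of any length into a 16-byte AES key.
function fold_key(string $key): string
{
    $folded = array_fill(0, 16, 0);
    for ($i = 0, $n = strlen($key); $i < $n; $i++) {
        $folded[$i % 16] ^= ord($key[$i]);
    }
    return pack('C*', ...$folded);
}

// PHP-side counterpart of HEX( AES_ENCRYPT( $plain, $key ) ).
function sql_aes_encrypt_hex(string $plain, string $key): string
{
    $raw = openssl_encrypt($plain, 'aes-128-ecb', fold_key($key), OPENSSL_RAW_DATA);
    return strtoupper(bin2hex($raw));
}

// PHP-side counterpart of AES_DECRYPT( UNHEX( $hex ), $key ).
// Returns null when the hex is malformed or the padding check fails.
function sql_aes_decrypt(string $hex, string $key): ?string
{
    $raw = ctype_xdigit($hex) && strlen($hex) % 2 === 0 ? hex2bin($hex) : false;
    if ($raw === false) {
        return null;
    }
    $plain = openssl_decrypt($raw, 'aes-128-ecb', fold_key($key), OPENSSL_RAW_DATA);
    return $plain === false ? null : $plain;
}

// Login check: decrypt the stored value first, then verify the bcrypt hash.
function verify_login(string $candidate, string $storedHex, string $key): bool
{
    $hash = sql_aes_decrypt($storedHex, $key);
    return $hash !== null && password_verify($candidate, $hash);
}

$key    = 'Carthago Delenda Est';   // demo key shown on the page
$stored = sql_aes_encrypt_hex(password_hash('Wachtwoord', PASSWORD_BCRYPT), $key);
echo 'stored hex length: ', strlen($stored), PHP_EOL;
echo 'correct key: ', var_export(verify_login('Wachtwoord', $stored, $key), true), PHP_EOL;
echo 'wrong key:   ', var_export(verify_login('Wachtwoord', $stored, 'other key'), true), PHP_EOL;
// ECB has no IV: equal plaintext under one key always gives equal ciphertext.
$same = sql_aes_encrypt_hex('Wachtwoord', $key) === sql_aes_encrypt_hex('Wachtwoord', $key);
echo 'deterministic: ', var_export($same, true), PHP_EOL;
```

The stored value is 128 hex characters, the same as `LENGTH( pw_hash_encrypted)` in the first record, because the 60-character bcrypt hash is padded to four 16-byte AES blocks. The deterministic result is why `pw_encrypted` is identical before and after the UPDATE, while `pw_hash_encrypted` changes along with the newly salted hash.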