Is there any way to reverse this bitwise function?

I was asked to encrypt the password by creating a new procedure, and I thought that I had to work with bits to change each character of my input key with clearly unrelated characters, and so I wrote this function:

(I work with PHP code):

```php
function CBS($digits, $n_times) {
    $mask = 0x7FFFFFFF;
    $digits = intval($digits);
    if($n_times > 0) {
        $digits = ($digits<<$n_times%32) & (($digits>>(32-$n_times%32)) & ($mask>>(31-$n_times%32)));
    }elseif($n_times < 0) {
        $n_times = abs($n_times);
        $digits = (($digits>>$n_times%32) & ($mask >> (-1+$n_times%32))) | ($digits<<(32-$n_times%32));
    }
    return decbin($digits);
}
```

Of course, after I encrypted my password, I had to decrypt it.

Is there any way to do this?

You don’t need to write me code to do this, it would be great if you could explain it to me also with words.

+5
1 answer

"Of course, after I encrypted my password, I could decrypt it." - fundamentally wrong! A proper encryption function (i.e., a hash function) must not have an inverse function. A very simple identification algorithm:
1. The user enters a password
2. Get the hash of the password using the encryption function (entered_hash = f(password))
3. Compare entered_hash with right_hash_store
NEVER store passwords, only hashes!

I think that if you want your encryption function to be reversible, it should be built from operations that have an inverse; AND and OR are not like that, but ROT and XOR are. So all you need is to chain ROT and XOR (for the XOR mask, you can use the encrypted value of the previous step, in which case it should also be saved).

+1
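
Added example (not part of the original question or answer): a sketch of the answer's point that ROT and XOR have inverses while the AND in the question's `$n_times > 0` branch does not. It assumes 64-bit PHP 7+; the function names, rotation count, seed and sample words are constructed for illustration, and the seed is the value that "should also be saved".

```php
<?php
// Added illustration; assumes 64-bit PHP 7+ and treats values as 32-bit words.
const WORD = 0xFFFFFFFF;

// The n > 0 expression from the question: the left-shifted value has its low
// n bits clear and the masked right-shifted value only has low n bits set,
// so the AND discards every input bit.
function lossy_shift(int $d, int $n): int {
    return ($d << $n % 32) & (($d >> (32 - $n % 32)) & (0x7FFFFFFF >> (31 - $n % 32)));
}

// Rotate left: bits leaving the top re-enter at the bottom, nothing is lost.
function rotl32(int $x, int $n): int {
    $n = (($n % 32) + 32) % 32;
    $x &= WORD;
    return (($x << $n) | ($x >> (32 - $n))) & WORD;
}

// Rotate right by n is rotate left by 32 - n, the exact inverse of rotl32.
function rotr32(int $x, int $n): int {
    return rotl32($x, 32 - (($n % 32) + 32) % 32);
}

// Each output word is ROT(input) XOR previous output; $seed masks the first.
function encode(array $words, int $n, int $seed): array {
    $prev = $seed & WORD;
    $out = [];
    foreach ($words as $w) {
        $prev = rotl32($w, $n) ^ $prev;
        $out[] = $prev;
    }
    return $out;
}

// Undo in the same order: XOR with the previous output, then rotate back.
function decode(array $words, int $n, int $seed): array {
    $prev = $seed & WORD;
    $out = [];
    foreach ($words as $c) {
        $out[] = rotr32($c ^ $prev, $n);
        $prev = $c;
    }
    return $out;
}

$plain = [0x70617373, 0x776F7264];       // constructed sample words: "pass", "word"
$coded = encode($plain, 7, 0x5A5A5A5A);  // constructed rotation count and seed
var_dump(lossy_shift($plain[0], 7) === lossy_shift($plain[1], 7)); // distinct inputs collide
var_dump(decode($coded, 7, 0x5A5A5A5A) === $plain);                // round trip restores input
```

Because `decode` recovers the input from the stored words and seed, this is the reversible construction from the answer's second paragraph, not the one-way hash its first paragraph calls for when storing passwords.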

Source: https://habr.com/ru/post/1234309/

