I'm developing a web service where users must login. I will store user data in an SQL database and input/output via PHP. But I don't want to store it openly. How do I encrypt the passwords in PHP so only those who knows the password can unlock it?
I know services like phpBB uses some sort of hiding/encryption on stored passwords.
The easiest way to get your password storage scheme secure is by using a standard library.
Because security tends to be a lot more complicated and with more invisible screw up possibilities than most programmers could tackle alone, using a standard library is almost always easiest and most secure (if not the only) available option.
See this answer for more info
You need to salt and hash the password, using an appropriately secure algorithm.
You probably want to hash the password - not encrypt it. Check out SHA-1. Hashing means that you cannot retrieve the original data as you can with encryption. Instead what you do is hash the users input and compare it to the hash in the database to see if they've got the right password. Doing this increases security as if your database was ever compromised - a bunch of hashes are useless.
Well, you shouldn't encrypt them with MD5 (which is not really secured, most hackers have conversion tables).
Hence, you can hash it with SHA1 (which is usually used).
If you want more security, you can add more salt which is a key you can add like this (just an example, usually used) :
salt+sha1(salt+pass)
This combination can be used with many language.
Hash passwords in SHA-1 (sha1 php inbuilt function) with several recursions of salting (same code in the answers above, only loop through several times). This should be sufficient protection, so even if the intruders somehow get their hands on the hashes, they shouldn't be able to crack them...
Save an MD5 hash and to make it more secure, add a salt.
There is the possibility to hash passwords (preferably with a salt):
$salt = random_string($length = 5);
$hash = $salt . sha1($salt . $password);
Or store encrypted (only if your MySQL connection is SSL secured):
INSERT INTO `user` (`user`,`pass`) VALUES("username",ENCRYPT("password","secretkey"))
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 来,给爷笑一个 的文章《Secure password storage》','https://www.manongdao.com/article-459898.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}