ScotlandPHP 2016

Modelo de almacenamiento encriptado

SSL/SSH protege los datos que viajan desde el cliente al servidor: SSL/SSH no protege los datos persistentes almacenados en una base de datos. SSL es un protocolo que protege los datos mientras viajan por el cable.

Una vez que un atacante obtiene acceso directo a una base de datos (eludiendo el servidor web), los datos sensibles almacenados podrían ser divulgados o mal utilizados, a menos que la información esté protegida por la base de datos misma. Encriptar los datos es una buena forma de mitigar esta amenaza, pero muy pocas bases de datos ofrecen este tipo de encriptación de datos.

La forma más sencilla para evitar este problema es crear primero un paquete de encriptación propio y utilizarlo en los scripts de PHP. Hay muchas extensiones de PHP que pueden ser de ayuda para esto, tales como Mcrypt y Mhash, cubriendo así una amplia variedad de algoritmos de encriptación. El script encripta los datos antes de insertarlos en la base de datos, y los desencripta al obtenerlos. Véanse las referencias para ejemplos adicionales del funcionamiento de la encriptación.

En caso de datos que deban estar realmente ocultos, si no fuera necesaria su representación real, (es decir, que no sean mostrados), quizás convenga utilizar algoritmos hash. El ejemplo más típico del uso del hash es a la hora de almacenar el hash criptográfico de una contraseña en una base de datos, en lugar de almacenar la contraseña en sí. Véase también crypt().

Ejemplo #1 Utilización de campos de contraseña con hash


// Almacenar el hash de la contraseña
// $caracteres_aleatorios se obtuvo, p.ej., utilizando /dev/random
$consulta  sprintf("INSERT INTO users(name,pwd) VALUES('%s','%s');",
pg_escape_string(crypt($contraseña'$2a$07$' $caracteres_aleatorios '$')));
$resultado pg_query($conexión$consulta);

// Consultar si el usuario envió la contraseña correcta
$consulta sprintf("SELECT pwd FROM users WHERE name='%s';",
$fila pg_fetch_assoc(pg_query($conexión$consulta));

if (
$fila && crypt($contraseña$fila['pwd']) == $fila['pwd']) {
'Bienvenido, ' htmlspecialchars($nombre_usuario) . '!';
} else {
'La autenticación ha fallado para ' htmlspecialchars($nombre_usuario) . '.';

add a note add a note

User Contributed Notes 6 notes

seigoryu at hotmail dot de
3 years ago
I would strongly recommend using SHA-2 or better the new SHA-3 hash algorithm. MD5 is practically unusable, since there are very well working rainbow tables around the whole web. Almost the same for SHA-1. Of course you should never do a hash without salting!
5 years ago
Using functions to obfuscate the hash generation does not increase security. This is security by obscurity. The algorithm used to hash the data needs to be secure by itself.

I would not suggest to use other data as salt. For example if you use the username, you won't be able to change the values without rehashing the password.

I would use a dedicated salt value stored in the same database table.

Why? Because a lot of users use the same login credentials on different web services. And in case another service also uses the username as salt, the resulting hashed password might be the same!

Also an attacker may prepare a rainbow table with prehashed passwords using the username and other known data as salt. Using random data would easily prevent this with little programming effort.
9 years ago
A better way to hash would be to use a separate salt for each user. Changing the salt upon each password update will ensure the hashes do not become stale.
about2mount at gmail dot com
1 year ago
It's difficult to post scripts here for all to view on the subject of best security practices. But i would wish to point out that using a salt with a randomized and odd numbered long length salt value is do_able with two Php functions while retrieving and separating the salt when it comes out using simple math functions. But with everything we add we also have to think of the constant standardized login systems we stay behind with.

For one,,, adding and validating two to four passwords is not a bad idea.  Also having no username or email going in. They can be stored after the user logs in after the validation process.  It is possible to store the email on the first signup and only at that time. And if the user loses his passwords then validate by email only upon request within a contact form by a validated phone number stored in the database,, and then via their email account.
Fairydave at the location of
10 years ago
I think the best way to have a salt is not to randomly generate one or store a fixed one. Often more than just a password is saved, so use the extra data. Use things like the username, signup date, user ID, anything which is saved in the same table. That way you save on space used by not storing the salt for each user.

Although your method can always be broken if the hacker gets access to your database AND your file, you can make it more difficult. Use different user data depending on random things, the code doesn't need to make sense, just produce the same result each time. For example:

if ((asc(username character 5) > asc(username character 2))
   if (month the account created > 6)
      salt = ddmmyyyy of account created date
      salt = yyyyddmm of account created date
   if (day of account created > 15)
      salt = user id * asc(username character 3)
      salt = user id + asc(username character 1) + asc(username character 4)

This wont prevent them from reading passwords when they have both database and file access, but it will confuse them and slow them up without much more processing power required to create a random salt
mrgarett at gmail dot com
1 year ago
I am not sure if this method is secure but i encrypt a users password with mcrypt and save the random character salt to a file that is protected by the web server. The filename is there unique id + date registered encrypted with standard md5.

For extra security if the ip address is not the normal ip address i send a little notification to there email.
To Top