A
A
Andrey2016-09-03 00:15:12
PHP
Andrey, 2016-09-03 00:15:12

How to encrypt passwords?

There is a need to store user passwords, which must be used in the future in clear text. Now there are two servers, frontend and backend. These passwords must be transferred from the frontend to the backend in encrypted form. Decrypted passwords are only needed on the backend.
I see now two options:
1. Use RSA, frontend encrypts with the public key and passes it to the backend, which decrypts with the private key. The advantage of this approach is that when hacked, attackers will not be able to get a private key. Minus - one key for all passwords.
2. Encrypt via openssl_encrypt(). Using md5 as a key (master key + unique key for each user). The advantage is that each user has his own key, which is stored in the same table with the password hash. The downside is that the master key is one for two servers.
Please tell me what is better to use. I am a complete zero in this.

Answer the question

In order to leave comments, you need to log in

1 answer(s)
X
xmoonlight, 2016-09-03
@xmoonlight

If the service is an aggregator - use OAUTH tokens instead of passwords,
otherwise - I don’t see the point of transferring / storing passwords in decrypted form on the back at all.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question