The mcrypt-extension is deprecated will be removed in PHP 7.2 according to the comment posted here. So I am looking for an alternative way to encrypt passwords.
Right now I am using something like
mcrypt_encrypt(MCRYPT_RIJNDAEL_128, md5($key, true), $string, MCRYPT_MODE_CBC, $iv)
I need your opinion for the best/strongest way to encrypt passwords, the encrypted password should of course supported by PHP 7.xx and should also be decryptable because my customers do want to have an option to 'recover' their passwords without generating a new one.
My Answer:
One alternative to mcrypt for encrypting passwords in PHP is to use the OpenSSL extension. You can use functions like openssl_encrypt and openssl_decrypt to encrypt and decrypt data using various encryption algorithms.
Here is an example of how you can encrypt a password using OpenSSL:
php
$key = 'your_secret_key';
$iv = openssl_random_pseudo_bytes(16); // generate a random initialization vector
$encrypted = openssl_encrypt($string, 'AES-256-CBC', $key, 0, $iv);
And to decrypt the password:
php
$decrypted = openssl_decrypt($encrypted, 'AES-256-CBC', $key, 0, $iv);
Make sure to securely store and manage your encryption key to ensure the security of your encrypted passwords.
Rate this post
4 of 5 based on 8707 votesComments