基于PHP令牌的系统

Question

I'm building a login system and I want it to be secure so that I can re-use it on several projects. I'm using the function below to encrypt the given password with my secret key (32 chars).

function Encrypt($key, $payload) 
{
    $iv = mcrypt_create_iv(IV_SIZE, MCRYPT_DEV_URANDOM);
    $crypt = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $payload, MCRYPT_MODE_CBC, $iv);
    $combo = $iv . $crypt;
    $garble = base64_encode($iv . $crypt);
    return $garble;
}

My IV_SIZE is the following:

mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC))

Before you ask I don't allow users to enter a password. I generate a very complicated and long password for them with everything inside (uppercase, lowercase, digits and symbols). I've also implemented a ban system that allows you to insert a wrong password for a verly limited amount of times and, as if it wasn't enough, I also lock the entire account so that you can't try again even when the ban has expired.

This is the decrypt function still pretty standard:

function Decrypt($key, $garble) 
{
    $combo = base64_decode($garble);
    $iv = substr($combo, 0, IV_SIZE);
    $crypt = substr($combo, IV_SIZE, strlen($combo));
    $payload = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $crypt, MCRYPT_MODE_CBC, $iv);
    return $payload;
}

Said that it's 2 hours that I'm trying to figure out what's the best approach to issue a login session/cookie. I want to adopt a token-based approach like follows.

As soon as login is successful, I want to store in a cookie the first part of an hash. The entire hash is stored in my DB and it is unique. The second part of it would be something like a salt + sha/md5/base64 (...) of userid, email, timestamp etc. Is it a good approach?

Answer 1

No.

Unless you need to have access to the plain-text password (eg if it's a password for a configured SMTP server that you'd use), you MUST NOT encrypt passwords, but hash them.
And use password_hash() (bcrypt) to hash them; it is specifically designed for this purpose.

Also, it is not made clear in your question what these hashes are for , but it sounds like a flawed choice at best - MD5 and SHA1 shouldn't be used for any kind of security mechanisms today , and if you want to verify the authenticity of something, you should be using a keyed hash function like hash_hmac() instead anyway.

Use a generic PHP session to maintain the login state.

It seems to me that you're over-thinking the problem at hand and in turn over-engineering the solution. Keep it simple.