{"id":643,"date":"2024-07-22T15:23:00","date_gmt":"2024-07-22T13:23:00","guid":{"rendered":"https:\/\/blog.pirulug.com\/?p=643"},"modified":"2024-07-22T15:23:00","modified_gmt":"2024-07-22T13:23:00","slug":"bibliotecas-para-encriptar-contrasenas-en-php","status":"publish","type":"post","link":"https:\/\/blog.pirulug.com\/?p=643","title":{"rendered":"Bibliotecas para encriptar contrase\u00f1as en PHP"},"content":{"rendered":"<p>\n  La criptograf\u00eda es un campo que deber\u00eda ser abordado solo por expertos, ya que<br \/>\n  muchos tutoriales en l\u00ednea sugieren m\u00e9todos obsoletos como MD5 y SHA1 para<br \/>\n  almacenar contrase\u00f1as, lo cual es una mala pr\u00e1ctica.\n<\/p>\n<h2>Problemas con MD5 y SHA1<\/h2>\n<p>\n  Algoritmos como MD5 y SHA1 son r\u00e1pidos y eficientes, pero modernos ataques de<br \/>\n  fuerza bruta pueden f\u00e1cilmente comprometer estos m\u00e9todos. Por ejemplo:\n<\/p>\n<pre><code class=\"language-php\">&lt;?php\n$contrasena = &quot;test123456&quot;;\necho md5($contrasena);\n\/\/ La salida es:\n\/\/ 47ec2dd791e31e2ef2076caf64ed9b3d\n?&gt;<\/code><\/pre>\n<p>\n  Al ingresar este hash en sitios como md5online o md5cracker, puedes ver que la<br \/>\n  contrase\u00f1a se revela f\u00e1cilmente.\n<\/p>\n<h2>Recomendaciones para encriptar contrase\u00f1as<\/h2>\n<p>\n  Es recomendable usar bibliotecas probadas para la encriptaci\u00f3n de contrase\u00f1as<br \/>\n  en PHP, como PHPASS, PHP-PasswordLib, y PasswordCompat. A continuaci\u00f3n se<br \/>\n  presentan ejemplos de c\u00f3mo usar cada una.\n<\/p>\n<h3>PHPASS<\/h3>\n<p>\n  PHPASS es una biblioteca dise\u00f1ada por Solar Designer que permite generar<br \/>\n  hashes seguros para sistemas de login. Compatible con PHP 5.3 y superior.\n<\/p>\n<pre><code class=\"language-php\">&lt;?php \nrequire_once(&quot;PasswordHash.php&quot;);\n\/\/ Instancia de la clase\n$encriptar = new PasswordHash(8, FALSE);\n\n\/\/ Contrase\u00f1a\n$laClave = &quot;test12345&quot;;\n\/\/ Generando el HASH\n$hash = $encriptar-&gt;HashPassword($laClave);\n\/\/ Se imprime el HASH generado\necho &#039;Hash: &#039; . $hash . &quot;n&quot;;\n\/\/ Se hace la comparaci\u00f3n de la contrase\u00f1a\nif ($encriptar-&gt;CheckPassword($laClave, $hash)) {\n    echo &quot;La contrase\u00f1a es correcta&quot;;\n} else {\n    echo &quot;Error al intentar escribir la contrase\u00f1a&quot;;\n}\n?&gt;\n    <\/code><\/pre>\n<h3>PHP-PasswordLib<\/h3>\n<p>\n  PHP-PasswordLib es una biblioteca que facilita la generaci\u00f3n de hashes con una<br \/>\n  simple implementaci\u00f3n. Compatible con PHP 5.3.2 y superior.\n<\/p>\n<pre><code class=\"language-php\">\n&lt;?php \n\/\/ Importando la librer\u00eda\nrequire_once &#039;Captchaweb\/classphp\/PasswordLib\/PasswordLib.php&#039;;\n\/\/ Instancia de la clase\n$lib = new PasswordLibPasswordLib();\n$Contrasena = &quot;test123456&quot;;\n\/\/ Creando el Hash\n$hash = $lib-&gt;createPasswordHash($Contrasena);\necho &quot;&lt;strong&gt;HASH: &lt;\/strong&gt;&quot;.$hash.&quot;&lt;br&gt;&quot;;\n\/\/ Se verifica la contrase\u00f1a\nif (!$lib-&gt;verifyPasswordHash($Contrasena, $hash)) {\n    echo &quot;Contrase\u00f1a incorrecta&quot;; \n} else {\n    echo &quot;Contrase\u00f1a correcta&quot;;\n}\n?&gt;<\/code><\/pre>\n<h3>PasswordCompat<\/h3>\n<p>\n  PasswordCompat permite generar hashes de manera sencilla utilizando el m\u00e9todo<br \/>\n  <code>crypt()<\/code> de PHP 5.5.0 y superior.\n<\/p>\n<pre><code class=\"language-php\">&lt;?php\n\/\/ Importando la biblioteca\nrequire_once &#039;Captchaweb\/classphp\/password_compat\/lib\/password.php&#039;;\n\n$Pasword = &quot;test123456&quot;;\n\/\/ Generando Hash con un costo espec\u00edfico\n$Hashgen = password_hash($Pasword, PASSWORD_BCRYPT, array(&quot;cost&quot; =&gt; 10));\necho &quot;&lt;strong&gt;HASH password_compat: &lt;\/strong&gt;&quot;.$Hashgen.&quot;&lt;br&gt;&quot;;\n\/\/ Verificando la contrase\u00f1a\nif (password_verify($Pasword, $Hashgen)) {\n    echo &quot;Contrase\u00f1a v\u00e1lida&lt;br&gt;&quot;;  \n} else {\n    echo &quot;Contrase\u00f1a no v\u00e1lida&lt;br&gt;&quot;; \n}\n?&gt;<\/code><\/pre>\n<h2>Generaci\u00f3n Aleatoria de Hashes<\/h2>\n<p>Puedes generar hashes aleatorios utilizando diferentes bibliotecas:<\/p>\n<pre><code class=\"language-php\">&lt;?php\n\/\/ Importando las librer\u00edas\nrequire_once &#039;Captchaweb\/classphp\/PasswordLib\/PasswordLib.php&#039;;\nrequire_once &quot;Captchaweb\/classphp\/PasswordHash.Class.php&quot;;\nrequire_once &#039;Captchaweb\/classphp\/password_compat\/lib\/password.php&#039;;\n\n\/\/ Generador de clave aleatorio\nfunction AleatorioClave($Contrasena) {\n    $RetorClave = null;\n    $Tipo = null;\n    $Clases = array(&#039;PHPASS&#039;, &#039;PHPPasswordLib&#039;, &#039;passwordcompat&#039;);\n\n    $rand = rand(0, count($Clases) - 1);\n    $Tipo = $Clases[$rand];\n\n    switch ($Tipo) {\n        case &#039;PHPASS&#039;:\n            $encriptar = new PasswordHash(8, FALSE);\n            $RetorClave = $encriptar-&gt;HashPassword($Contrasena);\n            break;\n        case &#039;PHPPasswordLib&#039;:\n            $encriptar = new PasswordLibPasswordLib();\n            $RetorClave = $encriptar-&gt;createPasswordHash($Contrasena);\n            break;\n        case &#039;passwordcompat&#039;:\n            $RetorClave = password_hash($Contrasena, PASSWORD_BCRYPT, array(&quot;cost&quot; =&gt; 10));\n            break;\n        default:\n            break;\n    }       \n    return &quot;HASH generado en: &quot;.$Tipo.&quot; =&gt; &quot;.$RetorClave;\n}\n\n\/\/ Se muestra la clave generada al azar\necho AleatorioClave(&#039;test123456&#039;);\n?&gt;<\/code><\/pre>\n<p>\n  Es crucial realizar pruebas exhaustivas en nuestras aplicaciones web para<br \/>\n  asegurar las mejores pr\u00e1cticas de seguridad.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>La criptograf\u00eda es un campo que deber\u00eda ser abordado solo por expertos, ya que muchos tutoriales en l\u00ednea sugieren m\u00e9todos obsoletos como MD5 y SHA1 para almacenar contrase\u00f1as, lo cual es una mala pr\u00e1ctica. Problemas con MD5 y SHA1 Algoritmos como MD5 y SHA1 son r\u00e1pidos y eficientes, pero modernos ataques de fuerza bruta pueden [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[108],"class_list":["post-643","post","type-post","status-publish","format-standard","hentry","category-sin-categoria","tag-php"],"_links":{"self":[{"href":"https:\/\/blog.pirulug.com\/index.php?rest_route=\/wp\/v2\/posts\/643","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.pirulug.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.pirulug.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.pirulug.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.pirulug.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=643"}],"version-history":[{"count":0,"href":"https:\/\/blog.pirulug.com\/index.php?rest_route=\/wp\/v2\/posts\/643\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.pirulug.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=643"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.pirulug.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=643"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.pirulug.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=643"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}