phppasswordspassword-protectionpassword-encryptionpassword-storage

Securely displaying passwords in php


I would like to create a secure password repository for the company I work for. A system where users can store their usernames and passwords for various systems. All they would have to do is login to this system once and then be able to view their usernames and passwords in a table.

I understand to validate a users login I should use a quality hash and a random salt. However, once a user logs in to my system I want them to be able to see the username and passwords for sites/systems that they have input into this system. So far all my research on storing passwords requires the user to enter the correct password which would check it against the hash and salt and either pass or fail. So far I don't see a way to store and retrieve passwords without actually passing the correct password into the hash.

Is there a way to safely display a list of usernames and passwords? Any sample code or libraries already designed to do something like this would be greatly appreciated.


Solution

  • Hashing is one way. You cannot decode/decrypt a hashed password.

    If you want to be able to view a password, you will need to use encryption instead of hashing.

    Unless this is a strict business requirement, you should avoid having any sort of authentication system using anything other than hashing for passwords.

    Eg, if the passwords you are wanting to be made available for viewing are not related to the login/authentication for your site, you should hash the login/authentication passwords, and encrypt the passwords that are to be viewed.