Page 1 of 1
MD5 Hashing
Posted: Sat Sep 04, 2010 3:23 pm
by ScottCFR
I am trying to work with the MD5 feature. But, I am kinda confused as to where to put it. I have the fields pass and pass2. Pass 2 is to be sure that it's the same as pass 1. I don't know where I will hash it, like before the query?
Re: MD5 Hashing
Posted: Sat Sep 04, 2010 3:59 pm
by shawngoldw
It shouldn't matter where you hash them as long as you hash both of them at the same time.
Shawn
Re: MD5 Hashing
Posted: Sat Sep 04, 2010 4:01 pm
by social_experiment
Hash it before the query and write the hashed value to the database, use sha() instead of md5 though.
Re: MD5 Hashing
Posted: Sat Sep 04, 2010 5:29 pm
by ScottCFR
So i would use..
$pass1 = sha(pass)
Re: MD5 Hashing
Posted: Sat Sep 04, 2010 6:10 pm
by tonchily
ScottCFR wrote:So i would use..
$pass1 = sha(pass)
$pass1 = sha($pass1);
Re: MD5 Hashing
Posted: Tue Sep 07, 2010 11:48 am
by pickle
The whole point of hashing is so that you can store the password without knowing what it is. This will enable you to compare the password in the future, without having to store it.
I imagine the form you're talking about is a signup/registration form. For comparing your 1st & 2nd password fields, don't bother hashing them - you just want to make sure the value is the same.
You need to hash the password before you store it anywhere, such as the database. The database should then store the hashed value. In the future, when users try to login, you hash the password they type in, and put the hashed value in the query.
As far as which hashing algorithm to choose, sha() and md5() are both relatively insecure (relative to other hashing algorithms). If you have the appropriate version, I'd recommend using the hash() function for sha256 or sha512.