password encryption with md5

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
dull1554
Forum Regular
Posts: 680
Joined: Sat Nov 22, 2003 11:26 am
Location: 42:21:35.359N, 76:02:20.688W

password encryption with md5

Post by dull1554 »

i need help to encrypt my admin password withg md5, i don't feel that having the password stored in the php file as a $var is secure enough for me

i need to encrypt the password and then i need to know how to validate a encrypted password
microthick
Forum Regular
Posts: 543
Joined: Wed Sep 24, 2003 2:15 pm
Location: Vancouver, BC

Post by microthick »

md5 isn't encryption, i believe. it's just hashes the original string. but, that said, i usually use md5 to hash the passwords in my db.

you can also use crypt() to encrypt passwords. when you do that, it's a good idea to salt the strings you need to encrypt.

to validate, you need to compare the string that's already been md5'ed with a nother string that you are at that time just md5'ing ... (ie,. md5edString == md5(myCurrentString)).
User avatar
JayBird
Admin
Posts: 4524
Joined: Wed Aug 13, 2003 7:02 am
Location: York, UK
Contact:

Post by JayBird »

Note from manual wrote:I must point out to all the people who read the notes this far that MD5 is _not_ encryption in a traditional sense. Creating an MD5 digest (or hash) of a message simply creates 128 bits that can be used to almost positively identify that message or object in the future. You use MD5 if you want to validate that information is true. For example, you may ask a user to submit a message through a browser POST and save an MD5 of that message in a database for a preview function. When the user submits it the second time, running the MD5 hash of the new version of the text and comparing it to the original MD5 in the database will tell you if the text has changed at all. This is how MD5 is used -- it is _not_ for encrypting things so as to get the data back afterward -- the MD5 hash version does _not_ contain the data of the original in a new form.
Mark
Post Reply