Page 1 of 1
password encryption with md5
Posted: Mon Nov 24, 2003 11:10 am
by dull1554
i need help to encrypt my admin password withg md5, i don't feel that having the password stored in the php file as a $var is secure enough for me
i need to encrypt the password and then i need to know how to validate a encrypted password
Posted: Mon Nov 24, 2003 11:15 am
by microthick
md5 isn't encryption, i believe. it's just hashes the original string. but, that said, i usually use md5 to hash the passwords in my db.
you can also use crypt() to encrypt passwords. when you do that, it's a good idea to salt the strings you need to encrypt.
to validate, you need to compare the string that's already been md5'ed with a nother string that you are at that time just md5'ing ... (ie,. md5edString == md5(myCurrentString)).
Posted: Mon Nov 24, 2003 11:16 am
by JayBird
Note from manual wrote:I must point out to all the people who read the notes this far that MD5 is _not_ encryption in a traditional sense. Creating an MD5 digest (or hash) of a message simply creates 128 bits that can be used to almost positively identify that message or object in the future. You use MD5 if you want to validate that information is true. For example, you may ask a user to submit a message through a browser POST and save an MD5 of that message in a database for a preview function. When the user submits it the second time, running the MD5 hash of the new version of the text and comparing it to the original MD5 in the database will tell you if the text has changed at all. This is how MD5 is used -- it is _not_ for encrypting things so as to get the data back afterward -- the MD5 hash version does _not_ contain the data of the original in a new form.
Mark