Hello everyone,
I have a password input field which gets stored in a mysql database (i am using php+mysql). Is there any way in php to encrypt the password before storing in the database and then decrypting it when the user wants to retrieve his password.
Password encryption and decryption
Moderator: General Moderators
Re: Password encryption and decryption
md5 is a one way hash - it can't be decrypted back (rainbow tables aside). One way hashing is the recommended form to save a password in a database, especially so they cannot be decrypted back in case the database is compromised. When using a hash you have to generate new password for users who lost theirs.
Alternatively use one of the encryption algorithms included in the mcrypt extensions - just be aware of the possible ramifications should your database be compromised. http://www.php.net/mcrypt
Alternatively use one of the encryption algorithms included in the mcrypt extensions - just be aware of the possible ramifications should your database be compromised. http://www.php.net/mcrypt
-
WebbieDave
- Forum Contributor
- Posts: 213
- Joined: Sun Jul 15, 2007 7:07 am
Re: Password encryption and decryption
Alternatively, you can use the MySQL built-in encryption/decryption functions such as AES_ENCRYPT.
http://dev.mysql.com/doc/refman/5.0/en/ ... tions.html
http://dev.mysql.com/doc/refman/5.0/en/ ... tions.html