Page 1 of 1

Password encryption and decryption

Posted: Tue Jul 22, 2008 10:45 am
by pritam79
Hello everyone,
I have a password input field which gets stored in a mysql database (i am using php+mysql). Is there any way in php to encrypt the password before storing in the database and then decrypting it when the user wants to retrieve his password.

Re: Password encryption and decryption

Posted: Tue Jul 22, 2008 12:05 pm
by Reviresco

Re: Password encryption and decryption

Posted: Tue Jul 22, 2008 12:33 pm
by Eran
md5 is a one way hash - it can't be decrypted back (rainbow tables aside). One way hashing is the recommended form to save a password in a database, especially so they cannot be decrypted back in case the database is compromised. When using a hash you have to generate new password for users who lost theirs.

Alternatively use one of the encryption algorithms included in the mcrypt extensions - just be aware of the possible ramifications should your database be compromised. http://www.php.net/mcrypt

Re: Password encryption and decryption

Posted: Tue Jul 22, 2008 7:34 pm
by WebbieDave
Alternatively, you can use the MySQL built-in encryption/decryption functions such as AES_ENCRYPT.
http://dev.mysql.com/doc/refman/5.0/en/ ... tions.html