Page 1 of 1
Password encryption and decryption
Posted: Tue Jul 22, 2008 10:45 am
by pritam79
Hello everyone,
I have a password input field which gets stored in a mysql database (i am using php+mysql). Is there any way in php to encrypt the password before storing in the database and then decrypting it when the user wants to retrieve his password.
Re: Password encryption and decryption
Posted: Tue Jul 22, 2008 12:05 pm
by Reviresco
Re: Password encryption and decryption
Posted: Tue Jul 22, 2008 12:33 pm
by Eran
md5 is a one way hash - it can't be decrypted back (rainbow tables aside). One way hashing is the recommended form to save a password in a database, especially so they cannot be decrypted back in case the database is compromised. When using a hash you have to generate new password for users who lost theirs.
Alternatively use one of the encryption algorithms included in the mcrypt extensions - just be aware of the possible ramifications should your database be compromised.
http://www.php.net/mcrypt
Re: Password encryption and decryption
Posted: Tue Jul 22, 2008 7:34 pm
by WebbieDave
Alternatively, you can use the MySQL built-in encryption/decryption functions such as AES_ENCRYPT.
http://dev.mysql.com/doc/refman/5.0/en/ ... tions.html