
MD5'ing Passwords

Posted: Fri Jun 30, 2006 1:49 pm
by Bigun
I'm storing the users' passwords in a MySQL database.

Is it really all that secure and/or necessary to MD5 the passwords? Or is it perfectly safe to leave them in plain text?

Posted: Fri Jun 30, 2006 1:58 pm
by John Cartwright
What if someone gained access to your server? --or-- what if a disgruntled employer/partner/developer/whatever opened up the database and stole a bunch of passwords? At least if you have them encrypted they are relatively safe from being stolen.

Posted: Fri Jun 30, 2006 1:58 pm
by Luke
Hashing them will ensure that if somebody does get into your database, they won't know all your users' passwords. If that is what you are asking.

Posted: Fri Jun 30, 2006 2:16 pm
by RobertGonzalez
I think the security of hashed passwords comes from interaction between the script and the data source. If someone actually gets into your database, there is nothing to stop them from running a simple ...

Code:

UPDATE `users` SET `password` = 1
... and changing everyone's password to 1 (or some other arbitrary value). I think the hashing has more practical security application in the passing of data between the script and the database. If someone did change passwords in the database, but the code is still checking an MD5 (or some other hashed value), then passing a 1 through the script will fail, unless the hacker enters this ...

Code:

UPDATE `users` SET `password` = MD5('1')
... but even this will cause a failure if your hashing mechanism is not a common hash application like MD5 or SHA1.

Just my opinion.

Posted: Fri Jun 30, 2006 2:19 pm
by John Cartwright
At that point you'll notice something has gone wrong and your server has been hijacked.. however.. if you have the passwords plaintext the thief will remain undetected. Even still, what if someone walking by your computer happens to glance over at your screen with phpmyadmin open and quickly jots down the user/pass..?

Posted: Fri Jun 30, 2006 2:34 pm
by Bigun
Direct access to the raw code and to the MySQL database will be limited to me and me only.

However, the disgruntled employee making all the accounts' passwords set to one will be difficult, seeing as how the interface I'm giving them will only be able to set one account at a time.

Posted: Fri Jun 30, 2006 2:36 pm
by Bigun
Jcart wrote: At that point you'll notice something has gone wrong and your server has been hijacked.. however.. if you have the passwords plaintext the thief will remain undetected. Even still, what if someone walking by your computer happens to glance over at your screen with phpmyadmin open and quickly jots down the user/pass..?
Unlikely... seeing as everything is done remotely and no passwords are saved on my browser..... and I have an over 30 character password.

Posted: Fri Jun 30, 2006 2:38 pm
by John Cartwright
Not to sound harsh, but what is your beef with not using md5? Perhaps you may never have a problem, but perhaps you may.. and at that point you can hit your head on the desk asking yourself why you didn't encrypt the passwords when you found out that several users' accounts have been hijacked (including your own) :wink:

Posted: Fri Jun 30, 2006 2:45 pm
by Bigun
Just less fuss and muss.

I have no beef particularly, but if the only real gain in doing so is safeguarding from direct access in PHPMySQL, then I see no need in it, besides, I can always implement it later.

Posted: Fri Jun 30, 2006 2:47 pm
by daedalus__
It takes about 5 characters to hash your passwords.

Posted: Fri Jun 30, 2006 2:47 pm
by Luke
IMO, not hashing the passwords in a database is irresponsible and downright lazy. Why wouldn't somebody do it? It takes one extra function. It's not like customers are going to care if you have to reset their password when THEY forget it. I can't think of one reason not to hash the passwords.

Posted: Fri Jun 30, 2006 2:54 pm
by Bigun
So the overall vote... is yes.... do it..?

Alrighty...

*begins to chop code*

Posted: Fri Jun 30, 2006 2:57 pm
by Luke
It doesn't take a whole lot... just wrap all of your password checks in sha1() or sha256() (feyd's script - not a standard PHP function)

Posted: Fri Jun 30, 2006 3:01 pm
by RobertGonzalez
You need to update the database as well as the code base. The database needs to be updated for all users so that their current password becomes MD5('password') so that when the code checks if (md5($_POST['password']) == $row['password']) it evaluates properly. Otherwise none of your users are going to get in.

PS Yes, you should hash your passwords. It adds a small amount of security to your data and your code, which always makes users feel more comfortable about using your site.
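
The migration described in the post above (convert every stored password once, then hash the submitted password at login), as an added example that is not part of the thread. It swaps the thread's unsalted md5() for PHP's password_hash()/password_verify(), which store a per-password salt inside the hash; the in-memory SQLite database, the sample rows and the function names migrate_plaintext and check_login are constructed for illustration.

```php
<?php
// Added example, not code from the thread. The `users`/`password` names follow
// the posts above; the SQLite database and its two rows are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)');
$db->exec("INSERT INTO users (name, password) VALUES ('alice', 'correct horse'), ('bob', 'hunter2')");

// Step 1: one-time migration of stored plaintext values to salted hashes.
// Hypothetical helper; returns the number of rows it converted.
function migrate_plaintext(PDO $db): int
{
    $update = $db->prepare('UPDATE users SET password = :hash WHERE id = :id');
    $rows = $db->query('SELECT id, password FROM users')->fetchAll(PDO::FETCH_ASSOC);
    $count = 0;
    foreach ($rows as $row) {
        // 'algo' is empty (null or 0) when the value is not password_hash() output,
        // so rows that were already converted are skipped on a second run.
        if (password_get_info($row['password'])['algo']) {
            continue;
        }
        $hash = password_hash($row['password'], PASSWORD_DEFAULT);
        $update->execute([':hash' => $hash, ':id' => $row['id']]);
        $count++;
    }
    return $count;
}

// Step 2: the login check. The submitted password is never compared with, or
// stored as, plaintext; password_verify() reads the salt from the stored hash.
function check_login(PDO $db, string $name, string $password): bool
{
    $stmt = $db->prepare('SELECT password FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $stored = $stmt->fetchColumn();
    return $stored !== false && password_verify($password, $stored);
}

echo migrate_plaintext($db), " rows migrated\n";
echo migrate_plaintext($db), " rows migrated on second run\n";
var_dump(check_login($db, 'alice', 'correct horse'));
var_dump(check_login($db, 'alice', 'hunter2'));
var_dump(check_login($db, 'nobody', 'hunter2'));
```

Because each hash carries its own salt, the same hash cannot be produced inside SQL the way `MD5('1')` can; a replacement value has to be generated by password_hash() in PHP.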

Posted: Fri Jun 30, 2006 3:03 pm
by Bigun
All done and works....

Thanks guys