Page 1 of 1
Encrypting passwords with mySQL/PHP
Posted: Sun Sep 23, 2007 11:40 am
by kkonline
Can we please discuss some methods to encrypt password before storing it to database.
For example sha1, md5 and more ways... and if they are one way encryptable or they can be decrypted too?
Posted: Sun Sep 23, 2007 12:08 pm
by feyd
Hashing is one-way only. That's exactly what you want. We've discussed it many times before. Have you read previous threads on hashing and md5/sha1/sha256/etc...?
Posted: Mon Sep 24, 2007 5:06 am
by Mordred
Posted: Sun Sep 30, 2007 2:01 am
by baileylo
feyd wrote:Hashing is one-way only. That's exactly what you want. We've discussed it many times before. Have you read previous threads on hashing and md5/sha1/sha256/etc...?
May be one way, but still
sha1:
http://www.schneier.com/blog/archives/2 ... roken.html
md5:
http://www.schneier.com/blog/archives/2 ... ollis.html
But chances are the fact that there are these errors you'll be fine also try this
Posted: Sun Sep 30, 2007 7:55 am
by feyd
The breaking of sha1 and md5 were discussed in the previous threads, if one read them.
As for base64_encode() of a hash... what's the point? Especially of a hex string.
Posted: Sun Sep 30, 2007 10:14 am
by superdezign
@baileylo: Nothing is perfect, but even MD5 can be strong if you salt / pepper correctly, as rainbow tables wouldn't work as well. Of course, we have better hashing algorithms, so there's no need to bother with older ones.