EchoFool Posted May 26, 2008 Share Posted May 26, 2008 I am using a password encryption for my registration of: <?php $Password = mysql_real_escape_string($_POST['Password']); $Password = md5($Password); ?> But on login process form where i have: <?php $Username = mysql_real_escape_string($_POST['Username']); $Password = mysql_real_escape_string($_POST['Password']); $Password = md5($Password); ?> It doesn't match up. Then I thought about using a "request forgotten password feature", but how can the php de-crypt it in order to tell the user what their actual password was via email if they ever forgot ? Because at the moment I cannot login, as the encryption codes do not match. Yet for the same password on input it is only doing: 60474c9c10d7142b7508ce7a50acf414 The database encrypted password is: 60474c9c10d7142b7508 Which is what is throwing it out, for some reason I cannot work out why. Link to comment https://forums.phpfreaks.com/topic/107254-solved-password-encryption/ Share on other sites More sharing options...
MishieMoo Posted May 26, 2008 Share Posted May 26, 2008 You probably don't have enough characters allotted in the database. MD5 returns a 32-character string. If you notice, the first 20 or so are the same, until the second string ends. Increase the size of the row in the database and it should work fine. In regards to a lost password feature, simply generate a random password and send it out instead of storing the actual password in the database (which isn't very safe). It's the better way to do things xD Link to comment https://forums.phpfreaks.com/topic/107254-solved-password-encryption/#findComment-549916 Share on other sites More sharing options...
DarkWater Posted May 26, 2008 Share Posted May 26, 2008 test12 isn't a very strong password. =) And don't run mysql_real_escape_string on a password that you're encrypting anyway. P.S: @Poster above me: MD5 outputs 32 characters. Link to comment https://forums.phpfreaks.com/topic/107254-solved-password-encryption/#findComment-549918 Share on other sites More sharing options...
EchoFool Posted May 26, 2008 Author Share Posted May 26, 2008 test12 isn't a very strong password. =) And don't run mysql_real_escape_string on a password that you're encrypting anyway. P.S: @Poster above me: MD5 outputs 32 characters. LOL how did you de-crypt that? Is that with php? Because I am looking for something like that. MishieMoo - you were correct about the database ! Thanks ! But can de-cryption be done in php ? Link to comment https://forums.phpfreaks.com/topic/107254-solved-password-encryption/#findComment-549920 Share on other sites More sharing options...
DarkWater Posted May 26, 2008 Share Posted May 26, 2008 No, you can't decrypt MD5's, but I have rainbow tables, and it's fun to watch people go "omg how u do dat". =P Link to comment https://forums.phpfreaks.com/topic/107254-solved-password-encryption/#findComment-549923 Share on other sites More sharing options...
EchoFool Posted May 26, 2008 Author Share Posted May 26, 2008 No, you can't decrypt MD5's, but I have rainbow tables, and it's fun to watch people go "omg how u do dat". =P Whats rainbow tables? Link to comment https://forums.phpfreaks.com/topic/107254-solved-password-encryption/#findComment-549926 Share on other sites More sharing options...
DarkWater Posted May 26, 2008 Share Posted May 26, 2008 In layman's terms, it takes every single letter+number combination up to a certain number of characters and MD5's them, and stores it in rainbow tables, so you can look them up later. =P Link to comment https://forums.phpfreaks.com/topic/107254-solved-password-encryption/#findComment-549929 Share on other sites More sharing options...
Fadion Posted May 26, 2008 Share Posted May 26, 2008 No, you can't decrypt MD5's, but I have rainbow tables, and it's fun to watch people go "omg how u do dat". =P haha ure funny lol. PS: Just use sha1() Link to comment https://forums.phpfreaks.com/topic/107254-solved-password-encryption/#findComment-549930 Share on other sites More sharing options...
EchoFool Posted May 26, 2008 Author Share Posted May 26, 2008 The rainbow tables must have millions of rows of data then ! Link to comment https://forums.phpfreaks.com/topic/107254-solved-password-encryption/#findComment-549932 Share on other sites More sharing options...
DarkWater Posted May 26, 2008 Share Posted May 26, 2008 The rainbow tables must have millions of rows of data then ! Yeah. Link to comment https://forums.phpfreaks.com/topic/107254-solved-password-encryption/#findComment-549944 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.