The safest way to do it is while users are registering, put the md5 hash of the password in the database....

and on login, do this:

 

 

$input = md5($_POST['pass']);

$res = mysql_query("SELECT * FROM users WHERE email='$email' and password='$input' ") or die(mysql_error());

 

If someone steals your database, all they see is some random gibberish.

You should also salt your passwords. Here's an example (you will need a salt function to make $salt = say, a ten-character salt. They're all random characters.)

 

Register:

mysql_query("INSERT INTO users (name, password, salt) VALUES ('".$_POST["name"]."', '".md5(md5($_POST["password"]) . $salt)."', '".$salt."')");

 

Login:

//this is just checking password
if ($rows["password"] == md5(md5($_POST["password"]) . $rows["salt"]))
{
  //correct password
}

 

 

You could also try whirlpool encryption.

Note: that is not a safe query.

Also, these wouldn't work just like that. But those are just examples on inputting it and checking it.

But md5's can be cracked, so if they do get hold they can crack it

 

Not with ease. You may have heard that MD5 is not totally secure, but the main reason behind that is because of destination duplicates. "Cracking" one in the classic sense remains quite a difficult task.

Well. There's always hash() that offers several other hashing algorithms. See list here

 

zanus: It's not the matter of finding the exact password, but rather a string that when hashed will produce same output. That's why salting is so important.

Couldn't you really slow the person down by doing md5's of md5's... for example...

 

 

$pass = md5(md5(md5(md5(md5($pass)))));

 

Seems as though it would be good for regular sites... ya, it could be cracked, but it would take a lonnnngggg time for little benefit as long as the site doesn't deal with money or sensitive info.
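Added example, not code from any post in this thread: the same register/login flow written with PHP's built-in password_hash()/password_verify() and parameterized queries, including an upgrade path for rows stored in the md5(md5(password) . salt) format shown above. The in-memory SQLite database, the table layout and the sample users are assumptions constructed for the example.

```php
<?php
// Added example: schema and sample data are constructed, not taken from the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT, salt TEXT)');

function register(PDO $db, string $name, string $password): void {
    // password_hash() picks a random salt itself and embeds it in the hash string,
    // so the separate salt column stays NULL for new rows.
    $stmt = $db->prepare('INSERT INTO users (name, password, salt) VALUES (?, ?, NULL)');
    $stmt->execute([$name, password_hash($password, PASSWORD_DEFAULT)]);
}

function login(PDO $db, string $name, string $password): bool {
    // Bound parameters keep user input out of the SQL text.
    $stmt = $db->prepare('SELECT password, salt FROM users WHERE name = ?');
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;
    }
    $legacy = $row['salt'] !== null;
    if ($legacy) {
        // Old row in the thread's md5(md5(password) . salt) format; compare in constant time.
        $ok = hash_equals($row['password'], md5(md5($password) . $row['salt']));
    } else {
        $ok = password_verify($password, $row['password']);
    }
    if ($ok && ($legacy || password_needs_rehash($row['password'], PASSWORD_DEFAULT))) {
        // The plaintext is only available at login, so upgrade the stored hash now.
        $up = $db->prepare('UPDATE users SET password = ?, salt = NULL WHERE name = ?');
        $up->execute([password_hash($password, PASSWORD_DEFAULT), $name]);
    }
    return $ok;
}

// Constructed sample data: one new-style user and one legacy md5 row.
register($db, "o'brien", 'correct horse');
$salt = bin2hex(random_bytes(5)); // ten-character salt, as in the post above
$db->prepare('INSERT INTO users (name, password, salt) VALUES (?, ?, ?)')
   ->execute(['bob', md5(md5('hunter2') . $salt), $salt]);

var_dump(login($db, "o'brien", 'correct horse')); // name with a quote is handled by binding
var_dump(login($db, "o'brien", 'wrong guess'));
var_dump(login($db, 'bob', 'hunter2'));           // legacy check, then row is rehashed
var_dump(login($db, 'bob', 'hunter2'));           // now verified through password_verify()
```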
