Jump to content


Photo

Two way encryption question


  • Please log in to reply
3 replies to this topic

#1 realjumper

realjumper
  • Members
  • PipPipPip
  • Advanced Member
  • 399 posts

Posted 17 July 2006 - 09:32 PM

Hi,

I use the MD5 hash function to store users passwords on my server. The problem with this is that on the Intranet where this is being used to log on to the Intranet, the academic staff are, for some reason, apt to forgetting their passwords. So, a new password is issued which they can change to one they can remember. Unfortunately, the academics seem to not posess a good memory for paswords, and pretty soon we have to gpo through this process again. Bare in mind that I am not trying to create a 'Fort Nox' type security, it's just for logging on to the Intranet.....but it would be very handy to be able to have some sort of two way encryption, rather than MD5 so they could recover their original password. The thinking is that if they get the same password into their head....eventually they ought to be able to remember it!!!! So, is there a way to employ two way encryption rather than MD5?

Thanks,
Neil

#2 pixy

pixy
  • Members
  • PipPipPip
  • Advanced Member
  • 295 posts

Posted 17 July 2006 - 09:33 PM

You can use ENCODE() and DECODE() functions in mySQL. Just remember, if you can decode it for them to see--so could potential hackers if they gained access to your database.

This is a .44 Caliber Loveletter straight through my heart.

Tabulas + Threadless + Hire Me!


#3 realjumper

realjumper
  • Members
  • PipPipPip
  • Advanced Member
  • 399 posts

Posted 17 July 2006 - 09:39 PM

Thanks pixy, I'll investigate those functions. Management will have to decide which way I go with this but at least if I give them some options they should be able to make the correct choice for the situation.

Cheers.

#4 pixy

pixy
  • Members
  • PipPipPip
  • Advanced Member
  • 295 posts

Posted 17 July 2006 - 09:42 PM

You know, you could always send an email to them whenever they change their password with the new password. That way, they could just search their inbox for the confirmation email from the password change.

+ You're welcome. :)

This is a .44 Caliber Loveletter straight through my heart.

Tabulas + Threadless + Hire Me!





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users