[SOLVED] MYSQL Encrypt/Hide Passwords

[bmdsherman]

I have a mysql database that stores usernames and passwords and I was wondering if there is any way to hide or somehow encrypt the passwords so that I can't see them in phpmyadmin, but the login and register forms still work.

 

Any help would be appreciated!

[corbin]

You could use something like md5.

 

 

Store the hashed password in the database and when ever the user submits his password, hash it and compare against the one in the database.

 

Let's say x is the password, and h is the hashing function.

 

 

Now say z = h(x) (z would be stored in the database).

 

 

For user input a, if h(a) = z then allow the user to login.

[bmdsherman]

Thanks, but what about the passwords that are already in there?

[corbin]

Hrmmm....  Well if you wanted to MD5 them all, that would be simple.  You would need to change the field to a varchar(32) field (really it could be a char(32), but since you're converting it will need to be varchar, and in this situation it doesn't make much of a difference anyway).

 

 

You would want to do something like:

 

 

ALTER TABLE users CHANGE password password VARCHAR(32);

 

 

Then:

 

UPDATE users SET password = MD5(password);

[bmdsherman]

I already did it manually but thanks.

[corbin]

[TeNDoLLA]

You could also use sha1(), if you have need to restore user passwords someday. If you are using md5 there is no way you can ever retrieve a lost password, then you must reset the password.

[corbin]

Ermmmm....  Isn't sha1 a hashing algorithm too?