Jump to content

Archived

This topic is now archived and is closed to further replies.

Woodburn2006

password encryption

Recommended Posts

i am doing a login system for a content management page and i was just wondering what the best way of encrypting passwords is. i have read various methods but i was just wondering if anybody could give me any pointers.

thanks

Share this post


Link to post
Share on other sites
There's always a safer and better way. The oridanry way is using functions like md5() or sha1() on the passwords.
Sometimes people add "salts". A "salt" is a string added to every password before encrypting it. An example:
[code=php:0]$salt="gjfgwoeaq";
$hash=md5($salt.$password);[/code]

This makes the password encryption better.

Orio.

Share this post


Link to post
Share on other sites
cool, so once the password is encrypted, how do i use that?

say somebody uses the password 'password'. how will it be stored in the database and how will i have it decrypted

Share this post


Link to post
Share on other sites
That's the nice thing about md5/sha1 and others. It cant be directly decrypted, it's a one way trip :D It can only be guessed.
Let's say someone uses the pass "password". On the first time he registers, you store in the database md5("password"). Every time he wants to log in, you check if the encryption of the password entered is in the database. If the encryption of the password the user currently entered is the same as the one in the database, that means that the original passwords (before the encryption) are the same :)

Orio.

Share this post


Link to post
Share on other sites
so when he comes to login and he types 'password' in the password box. would i then just compare what he has enterd to what is in the DB and that would work or do i need to compare what he enters to md5("pass from DB") ?

Share this post


Link to post
Share on other sites
No. The password in the db was already encrypted when he registered. Each time he logs in, we md5 his pass and then compare.

Orio.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.