Woodburn2006 Posted August 13, 2006
I am doing a login system for a content management page and I was just wondering what the best way of encrypting passwords is. I have read various methods but I was just wondering if anybody could give me any pointers. Thanks
Orio Posted August 13, 2006
There's always a safer and better way. The ordinary way is using functions like md5() or sha1() on the passwords. Sometimes people add "salts". A "salt" is a string added to every password before encrypting it. An example:
[code=php:0]
$salt="gjfgwoeaq";
$hash=md5($salt.$password);
[/code]
This makes the password encryption better.
Orio.
Woodburn2006 Posted August 13, 2006
Cool, so once the password is encrypted, how do I use that? Say somebody uses the password 'password'. How will it be stored in the database and how will I have it decrypted?
Orio Posted August 13, 2006
That's the nice thing about md5/sha1 and others. It can't be directly decrypted, it's a one way trip :D It can only be guessed.
Let's say someone uses the pass "password". On the first time he registers, you store in the database md5("password"). Every time he wants to log in, you check if the encryption of the password entered is in the database. If the encryption of the password the user currently entered is the same as the one in the database, that means that the original passwords (before the encryption) are the same :)
Orio.
Pudgemeister Posted August 13, 2006
This has helped me a lot peeps, thanks for posting this topic
Woodburn2006 Posted August 13, 2006
So when he comes to login and he types 'password' in the password box, would I then just compare what he has entered to what is in the DB and that would work, or do I need to compare what he enters to md5("pass from DB")?
Orio Posted August 13, 2006
No. The password in the db was already encrypted when he registered. Each time he logs in, we md5 his pass and then compare.
Orio.
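An added example, not part of the original thread or any poster's code: the store-the-hash-then-compare flow described above, written with PHP's built-in password_hash() and password_verify() (PHP 5.5 and later) in place of md5(), so each password gets its own random salt. The $users array standing in for the database table and the function names register_user() and check_login() are assumptions made for illustration.

```php
<?php
// Added example: an in-memory array stands in for the users table (hypothetical).
$users = [];

// Registration: store only the hash, never the password itself.
function register_user(array &$users, string $name, string $password): void
{
    // password_hash() generates a random per-user salt and embeds it,
    // together with the algorithm and cost, in the returned string.
    $users[$name] = password_hash($password, PASSWORD_DEFAULT);
}

// Login: re-hash what was typed using the stored salt and compare.
function check_login(array &$users, string $name, string $password): bool
{
    if (!isset($users[$name])) {
        return false;
    }
    $stored = $users[$name];
    // password_verify() reads the salt and cost from $stored and
    // compares the two hashes in constant time.
    if (!password_verify($password, $stored)) {
        return false;
    }
    // Upgrade the stored hash if PHP's default algorithm or cost has changed.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $users[$name] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

// Constructed sample data: two users who picked the same password.
register_user($users, 'alice', 'password');
register_user($users, 'bob', 'password');

var_dump(check_login($users, 'alice', 'password'));  // correct password
var_dump(check_login($users, 'alice', 'passw0rd'));  // wrong password

// With per-user salts the two stored hashes differ.
var_dump($users['alice'] === $users['bob']);

// With the thread's single fixed salt, equal passwords give equal hashes.
$salt = "gjfgwoeaq";
var_dump(md5($salt . 'password') === md5($salt . 'password'));
```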