password encryption

[Woodburn2006]

i am doing a login system for a content management page and i was just wondering what the best way of encrypting passwords is. i have read various methods but i was just wondering if anybody could give me any pointers.

thanks

[Orio]

There's always a safer and better way. The oridanry way is using functions like md5() or sha1() on the passwords.
Sometimes people add "salts". A "salt" is a string added to every password before encrypting it. An example:
[code=php:0]$salt="gjfgwoeaq";
$hash=md5($salt.$password);[/code]

This makes the password encryption better.

Orio.

[Woodburn2006]

cool, so once the password is encrypted, how do i use that?

say somebody uses the password 'password'. how will it be stored in the database and how will i have it decrypted

[Orio]

That's the nice thing about md5/sha1 and others. It cant be directly decrypted, it's a one way trip :D It can only be guessed.
Let's say someone uses the pass "password". On the first time he registers, you store in the database md5("password"). Every time he wants to log in, you check if the encryption of the password entered is in the database. If the encryption of the password the user currently entered is the same as the one in the database, that means that the original passwords (before the encryption) are the same :)

Orio.

[Pudgemeister]

this has helped me alot peeps-thanx for postin this topic

[Woodburn2006]

so when he comes to login and he types 'password' in the password box. would i then just compare what he has enterd to what is in the DB and that would work or do i need to compare what he enters to md5("pass from DB") ?

[Orio]

No. The password in the db was already encrypted when he registered. Each time he logs in, we md5 his pass and then compare.

Orio.