However, DON'T use the MySQL password() function in your application -

 

The PASSWORD() function is used by the authentication system in MySQL Server; you should not use it in your own applications. For that purpose, consider MD5() or SHA1() instead.

 

The hash length used by the password() function has changed at least once, thereby breaking any application that was using it.

Link to comment
https://forums.phpfreaks.com/topic/177381-password-and-now/#findComment-935245

Ok, so just to clarify, I agree with AlexWD's comment -- MySQL themselves state that their internal encryption algorithm shouldn't be used to encrypt passwords.

 

As for quibbling, md5 and sha1 are hashes. They are not encryption per se, because they cannot be decrypted. You give a hash an input, and it will create a hash, such that it is impossible to derive the original input given the hash. They should also have the property that it should be impossible to guess what the hash value is.

 

Using PHP's mcrypt extension you can use heavyweight encryption/decryption if you want. This is a topic that is endlessly debated, as some people will insist that you should use hashes and not encrypt/decrypt routines, as this will ensure that even if your server is compromised, people will not be able to reverse the original passwords.

 

Using a hash for a pw is a pretty standard alternative, but if you are going to use it, it's a good idea to hash a string that is comprised of more than just the password itself.  For example, using the username + pw + "a salt" would be a lot better input.

 

I won't explain what a salt is, but you probably want to read up on the idea if you intend to implement your own hash-based password routines.

Link to comment
https://forums.phpfreaks.com/topic/177381-password-and-now/#findComment-935271
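
The salted construction described in the post above (username + password + salt), as an added example that is not part of the original thread. The function names and sample users are made up for illustration, and SHA-1 is used only because the thread names it.

```php
<?php
// Added example, not code from the thread.
// make_record() and check_login() are hypothetical names.

// Build the stored record for a new user: a fresh random salt plus
// SHA-1 over username + password + salt, as the post describes.
function make_record(string $username, string $password): array
{
    $salt = bin2hex(random_bytes(16));   // 128-bit per-user salt, hex-encoded
    return [
        'username' => $username,
        'salt'     => $salt,             // stored in the clear next to the hash
        'hash'     => sha1($username . $password . $salt),
    ];
}

// Recompute the hash from the submitted password and the stored salt,
// then compare the two hex strings in constant time.
function check_login(array $record, string $password): bool
{
    $candidate = sha1($record['username'] . $password . $record['salt']);
    return hash_equals($record['hash'], $candidate);
}

// Constructed sample data: two users who picked the same password.
$alice = make_record('alice', 'correct horse');
$bob   = make_record('bob', 'correct horse');

// Unsalted, identical passwords always give identical hashes, so a single
// precomputed-table hit exposes every account sharing that password.
var_dump(sha1('correct horse') === sha1('correct horse'));

// Salted, the stored hashes differ even though the passwords match.
var_dump($alice['hash'] === $bob['hash']);

// Verification still works because the salt is stored with the record.
var_dump(check_login($alice, 'correct horse'));
var_dump(check_login($alice, 'wrong guess'));
```

PHP's built-in password_hash() and password_verify() generate and store the salt for you and use a deliberately slow algorithm, so they are the usual choice over a hand-built SHA-1 scheme.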

As to what now() is -

 

NOW()

 

Returns the current date and time as a value in 'YYYY-MM-DD HH:MM:SS' or YYYYMMDDHHMMSS.uuuuuu format, depending on whether the function is used in a string or numeric context. The value is expressed in the current time zone.

 

You can find all the answers to basic MySQL questions in the documentation - http://dev.mysql.com/doc/refman/5.1/en/index.html

 

I personally recommend downloading the .chm version of the manual as both the Index and Search tabs in it make finding information extremely easy.

Link to comment
https://forums.phpfreaks.com/topic/177381-password-and-now/#findComment-935373
