kayla Posted December 7, 2009

I am creating a client zone for a company as part of a uni project. I was thinking of creating a PHP page for employees to log in and edit or add passwords for clients. My only problem comes when encrypting the passwords. I've heard of salting and hashing but I'm not sure what would be best to use. The data being accessed by the clients is on an Access db (not ideal for multiple access, I know).

Also, when the client logs in with their password, will it automatically be recognised? Or will I need code which de-encrypts it? Sorry if I don't make much sense, but any help would be greatly appreciated!

oni-kun Posted December 7, 2009

Hashing cannot be reversed, technically. Adding salt will remove the attacker's ability to use rainbow tables (precalculated hash attacks, basically) on the hash. It's faster and recommended to use hashing, much faster than decrypting.

    <?php
    $password = 'mypassword';
    $salt = ')_*]$';
    // Hash the password together with the salt
    $saltedHash = md5($password . $salt);
    echo $saltedHash;
    ?>

When the user enters his password, it rehashes it, sends it to the DB and checks if the password hashes are the same. Straightforward from there.

    // The salt goes inside md5(), the same way the stored hash was built
    if (md5($_POST['...'] . $salt) == 'xxxxxxxxxxxxx') { // hash from database
        // so on.. allow them to change their pass.
    }

kayla Posted December 7, 2009

Thanks a lot! I wasn't sure, as when I was googling about it, I found a couple of blogs that said hashing was a bad idea, but adding 'salt' seems to be a sensible idea in order to make it more secure.
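
The hash-and-compare login check from the reply above, as an added example that is not code from the thread: it keeps the thread's `md5($password . $salt)` scheme only to recognise existing rows, and moves each account on its next successful login to PHP's built-in `password_hash()`/`password_verify()`, which generate a random salt per password and use a deliberately slow algorithm. It is written for PHP 7.1+; the function names, user names and sample rows are constructed for illustration.

```php
<?php
// Added example: the thread's md5 + shared-salt scheme beside
// password_hash()/password_verify(). All names and values are constructed.

const LEGACY_SALT = ')_*]$'; // the single shared salt from the post

// Scheme from the thread: fast hash, same salt for every user.
function legacy_hash(string $password): string
{
    return md5($password . LEGACY_SALT);
}

// Check a login against a stored hash. Returns [ok, replacementHash];
// replacementHash is non-null when the stored value should be rewritten.
function verify_login(string $password, string $stored): array
{
    // Legacy rows are 32 hex characters of MD5.
    if (preg_match('/^[0-9a-f]{32}$/', $stored) === 1) {
        // hash_equals() compares in constant time, unlike ==.
        if (!hash_equals($stored, legacy_hash($password))) {
            return [false, null];
        }
        // Correct password: upgrade to a slow, per-password-salted hash.
        return [true, password_hash($password, PASSWORD_DEFAULT)];
    }
    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    // Re-hash if PHP's default algorithm or cost changed since storage.
    $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT)
        : null;
    return [true, $new];
}

// Constructed sample data standing in for two database rows.
$rows = [
    'alice' => legacy_hash('mypassword'),                     // old scheme
    'bob'   => password_hash('mypassword', PASSWORD_DEFAULT), // new scheme
];

foreach ($rows as $user => $stored) {
    [$ok, $new] = verify_login('mypassword', $stored);
    echo $user, ': ', $ok ? 'ok' : 'denied',
        $new !== null ? ' (stored hash upgraded)' : '', PHP_EOL;
    [$ok] = verify_login('wrong', $stored);
    echo $user, ' with wrong password: ', $ok ? 'ok' : 'denied', PHP_EOL;
}
```

The caller writes the returned replacement hash back to the user's row, so the stored column needs room for the longer `password_hash()` output (PHP's documentation recommends 255 characters).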