[5.0.77] AES_ENCRYPT / AES_DECRYPT

[Shp0ngl3]

I've been trying to get this to work now since yesterday, but with no luck.

 

I run these two queries in Navicat..

 

UPDATE tbl_members SET member_password=AES_ENCRYPT('password', '1234567890123456') WHERE member_username='rk';
SELECT * FROM tbl_members WHERE member_username='rk' AND member_password=AES_DECRYPT('password','1234567890123456');

 

When I check the member_password field (blob) I find ™Ã7Ée“ûË+{£#”U)Ã, but still the result from SELECT is empty.

 

Anyone has any ideas on how to solve this issue?

 

Regards,

Shp0ngl3

[MadTechie]

this

UPDATE tbl_members SET member_password=AES_ENCRYPT('password', '1234567890123456') WHERE member_username='rk';

encrypts the password so the password changes from 1234567890123456 to ™Ã7Ée“ûË+{£#”U)Ã

 

So when selecting the WHERE need to find the encrypted password NOT the decrypted one!

you only decrypt when you want to view it like this

SELECT *, AES_DECRYPT('password','1234567890123456') as DecrypedPassword FROM tbl_members WHERE member_username='rk' AND member_password=AES_ENCRYPT('password', '1234567890123456');

 

However why encrypt it ? why not use a hash, ie SHA or MD5

 

another other is to decrypt the field in the where ie

SELECT *, AES_DECRYPT('password','1234567890123456') as DecrypedPassword FROM tbl_members WHERE member_username='rk' AND AES_DECRYPT('password', `member_password`) = '1234567890123456';

[Shp0ngl3]

Thanks alot for the reply MadTechie. I will try it out when I get back to work on monday.

 

About your question, why not using hash. I must say that in the perfect world I would do that without hesitation, but because of how the system I work on was built before I started working there, and that my boss want's to be able to return the passwords as plaintext, I'm afraid that's not an option Tried talking him into letting me rewrite the login system etc, but no luck...

 

Regards,

Shp0ngl3