Jump to content

Recommended Posts

Alright Im sure, almost positive this is been asked in some form way shape or another here on this site at one point in time or another.. but I'm going to ask again, as I'm sure since the last time It may have asked new stuff has come into light..

 

Anyway. I want to take a password (user provided), and turn it into something secure, and unique. But, I'm not sure which way to go.. I want to do this with php.. So what to choose, MD5, encrypt(), something else? I'm looking for opinions mostly, or good methods to implement encrypting the password so to speak..

Link to comment
https://forums.phpfreaks.com/topic/97389-md5-vs-encrypt-vs/
Share on other sites

Go for a hashing algorithm like md5() or sha1() (etc').

A good way to tighten the security would be adding a constant salt to the hashing:

 

<?php

$salt = "32@952y53f322#39"; //This string has to stay constant all the time.
$hash = md5($_POST['pass'].$salt);

?>

Example- check if inputed password exists in the database
<?php

$hash = md5($_POST['inputted_pass'].$salt); //Same $salt from previous script
$result = mysql_query("SELECT * FROM users WHERE pass = '$hash'");
if(mysql_num_rows($result) > 0)
  echo "user exists";

?>

 

 

Orio.

Link to comment
https://forums.phpfreaks.com/topic/97389-md5-vs-encrypt-vs/#findComment-498346
Share on other sites

Well I use md5() for encrypting password just because I think it's a little more hassle free. With md5(), you can only get one hash from a string of characters; but crypt() can output different hashes for the same string of characters. To be honest, I've never tried to use crypt(), so I don't know what it's like to use.

Link to comment
https://forums.phpfreaks.com/topic/97389-md5-vs-encrypt-vs/#findComment-498352
Share on other sites

I think I am gonna go with the md5 concept.. its worked for me in the past, I was just looking for opinions on if anything was better then..

 

As far as getting into a database unauthorized, I know the potential risks still exists, and I am intent on taking what I know, and attempt to keep a good current knowledge there of on the subject.. and implementing it in to the over all structure to make it more secure.

 

As far as this matter goes all it for is so someone cant as easily crack a password to get in, and what would be the best method of taking your common user passwords which usually consist of easy dictionary words and encrypting them in one sense of the word or another.

 

I want to thank those of you who did reply in helping me figure the route I wanna go, I'm intent on keeping this open a bit longer to get more opinions though as i am just curious

Link to comment
https://forums.phpfreaks.com/topic/97389-md5-vs-encrypt-vs/#findComment-498370
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.