monkeytooth Posted March 22, 2008 Share Posted March 22, 2008 Alright Im sure, almost positive this is been asked in some form way shape or another here on this site at one point in time or another.. but I'm going to ask again, as I'm sure since the last time It may have asked new stuff has come into light.. Anyway. I want to take a password (user provided), and turn it into something secure, and unique. But, I'm not sure which way to go.. I want to do this with php.. So what to choose, MD5, encrypt(), something else? I'm looking for opinions mostly, or good methods to implement encrypting the password so to speak.. Quote Link to comment https://forums.phpfreaks.com/topic/97389-md5-vs-encrypt-vs/ Share on other sites More sharing options...
Orio Posted March 22, 2008 Share Posted March 22, 2008 Go for a hashing algorithm like md5() or sha1() (etc'). A good way to tighten the security would be adding a constant salt to the hashing: <?php $salt = "32@952y53f322#39"; //This string has to stay constant all the time. $hash = md5($_POST['pass'].$salt); ?> Example- check if inputed password exists in the database <?php $hash = md5($_POST['inputted_pass'].$salt); //Same $salt from previous script $result = mysql_query("SELECT * FROM users WHERE pass = '$hash'"); if(mysql_num_rows($result) > 0) echo "user exists"; ?> Orio. Quote Link to comment https://forums.phpfreaks.com/topic/97389-md5-vs-encrypt-vs/#findComment-498346 Share on other sites More sharing options...
Goldeneye Posted March 22, 2008 Share Posted March 22, 2008 Well I use md5() for encrypting password just because I think it's a little more hassle free. With md5(), you can only get one hash from a string of characters; but crypt() can output different hashes for the same string of characters. To be honest, I've never tried to use crypt(), so I don't know what it's like to use. Quote Link to comment https://forums.phpfreaks.com/topic/97389-md5-vs-encrypt-vs/#findComment-498352 Share on other sites More sharing options...
cooldude832 Posted March 22, 2008 Share Posted March 22, 2008 just because you cover up 1 part doesn't make you secure. There are about a million ways a person can get into you db, data etc. the goal is to try and maximize your protection so that they have a hard time getting in. Quote Link to comment https://forums.phpfreaks.com/topic/97389-md5-vs-encrypt-vs/#findComment-498363 Share on other sites More sharing options...
monkeytooth Posted March 22, 2008 Author Share Posted March 22, 2008 I think I am gonna go with the md5 concept.. its worked for me in the past, I was just looking for opinions on if anything was better then.. As far as getting into a database unauthorized, I know the potential risks still exists, and I am intent on taking what I know, and attempt to keep a good current knowledge there of on the subject.. and implementing it in to the over all structure to make it more secure. As far as this matter goes all it for is so someone cant as easily crack a password to get in, and what would be the best method of taking your common user passwords which usually consist of easy dictionary words and encrypting them in one sense of the word or another. I want to thank those of you who did reply in helping me figure the route I wanna go, I'm intent on keeping this open a bit longer to get more opinions though as i am just curious Quote Link to comment https://forums.phpfreaks.com/topic/97389-md5-vs-encrypt-vs/#findComment-498370 Share on other sites More sharing options...
Lamez Posted March 22, 2008 Share Posted March 22, 2008 what is salt? Also could you do 2 encryption, like encrypt a string, then in encrypt that string <?php $pass = "mypassword"; $sha1 = sha1($pass); $md5 = md5($sha1); echo $md5; ?> Quote Link to comment https://forums.phpfreaks.com/topic/97389-md5-vs-encrypt-vs/#findComment-498377 Share on other sites More sharing options...
ShogunWarrior Posted March 22, 2008 Share Posted March 22, 2008 Just do a salted SHA1 hash. Encryption is a different thing, you need a hash. Quote Link to comment https://forums.phpfreaks.com/topic/97389-md5-vs-encrypt-vs/#findComment-498389 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.