Chris Kavanagh <mailto:[EMAIL PROTECTED]> wrote on Tuesday, December 07, 2004 3:36 PM:

> I need to store passwords in my database, and I understand it's bad
> form to store them anywhere in a readable format (I remember reading
> once that if you call a company and ask for your password, and they can
> tell you, it's a bad sign).

Well, yes. I'd be very worried if any random company could tell me what my passwords were... :) Storing them in unreadable format is one thing; storing a hash or other format which can't be retrieved is another. There are advantages and disadvantages to both.

> Is the solution a BLOB column type, and when inserting records:
>
> md5('somepassword')

Don't think there's any need to use a blob - an MD5 is simply hex digits, so CHAR(32) should suffice (as far as I'm aware). Also, you might want to consider sha1 if you haven't got any legacy MD5 elements.

http://dev.mysql.com/doc/mysql/en/Encryption_functions.html

If you ever want to be able to retrieve passwords, rather than simply checking to see if an entered value is (very) likely to be the same as the original password (which is how md5 and sha1 work), try the aes_encrypt functions and have a master password or passphrase.

cheers,
Tom
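The two approaches from the reply side by side, as an added example that is not part of the original message: a digest column that can only be compared against, and an AES_ENCRYPT column that can be decrypted with a master passphrase. Table names, column names, the user and the passphrase are constructed for illustration.

```sql
-- Added example (MySQL). All names and values below are constructed.

-- Variant 1: store only a digest. MD5() returns 32 hex digits and
-- SHA1() returns 40, so fixed-width CHAR columns are enough.
CREATE TABLE users_hashed (
    username VARCHAR(64) NOT NULL PRIMARY KEY,
    pw_sha1  CHAR(40)    NOT NULL      -- use CHAR(32) for MD5()
);

INSERT INTO users_hashed (username, pw_sha1)
VALUES ('alice', SHA1('somepassword'));

-- Login check: hash the entered value and compare digests.
-- The stored column can never be turned back into the password.
SELECT COUNT(*) AS matches
FROM users_hashed
WHERE username = 'alice'
  AND pw_sha1 = SHA1('somepassword');

-- Variant 2: store a reversible ciphertext. AES_ENCRYPT() returns a
-- binary string padded to a multiple of 16 bytes, so the column must
-- be a binary type (VARBINARY or BLOB), not CHAR.
CREATE TABLE users_reversible (
    username VARCHAR(64)   NOT NULL PRIMARY KEY,
    pw_aes   VARBINARY(64) NOT NULL    -- holds passwords up to 63 bytes
);

-- Constructed master passphrase held in a session variable.
SET @master_key = 'constructed-master-passphrase';

INSERT INTO users_reversible (username, pw_aes)
VALUES ('alice', AES_ENCRYPT('somepassword', @master_key));

-- Retrieval: only possible with the same passphrase.
-- AES_DECRYPT() returns NULL when the passphrase does not match.
SELECT CAST(AES_DECRYPT(pw_aes, @master_key) AS CHAR) AS password
FROM users_reversible
WHERE username = 'alice';
```

In the second variant anyone who holds both the table and the master passphrase can recover every stored password, so the passphrase needs to live outside the database. In the first variant two users with the same password get the same digest, because MD5() and SHA1() are applied to the bare password.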