Re: Decrypting PASSWORD() from MySQL

Wed, 19 Dec 2001 13:16:58 -0800 

On Wed, 19 Dec 2001, Matt Wagner wrote:

> Date: Wed, 19 Dec 2001 13:51:30 -0600 (CST)
> From: Matt Wagner <[EMAIL PROTECTED]>
> To: Zach Curtis <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED]
> Subject: Re: Decrypting PASSWORD() from MySQL
> 
> Zach Curtis writes:
> > I have a form for a user to request their forgotten username and password by
> > entering their email address. I then process this using PHP and use mail()
> > to send them their username and password. However, the password is stored in
> > an encrypted PASSWORD('password') field in the MySQL table. How can I
> > retrieve the decrypted password in a SELECT statement?
> 
> Zach,
> 
> You cannot do this. PASSWORD() is one-way.
> 
> What you have to do is have two fields, 'passwd' and 'epasswd', with
> 'passwd' being clear-text, the other being encrypted (with PASSWORD()
> or other).
> 
> If you want to obscure the clear-text field in a decodable fashion,
> then check out the ENCODE()/DECODE() functions.
> 
> Note, in MySQL 4.x there will be two new functions,
> DES_ENCRYPT()/DES_DECRYPT().
I have read that DES is considered at or approaching the end of its 
useful life and  other encryption algorythms are now recommended.

> 
>     Matt
> 
> -- 
> For technical support contracts, visit https://order.mysql.com/
>    __  ___     ___ ____  __
>   /  |/  /_ __/ __/ __ \/ /    Mr. Matt Wagner <[EMAIL PROTECTED]>
>  / /|_/ / // /\ \/ /_/ / /__   MySQL AB, Herr Direktor
> /_/  /_/\_, /___/\___\_\___/   Hopkins, Minnesota  USA
>        <___/   www.mysql.com
> 
> 
> ---------------------------------------------------------------------
> Before posting, please check:
>    http://www.mysql.com/manual.php   (the manual)
>    http://lists.mysql.com/           (the list archive)
> 
> To request this thread, e-mail <[EMAIL PROTECTED]>
> To unsubscribe, e-mail <[EMAIL PROTECTED]>
> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
> 

Sincerely,

William Mussatto, Senior Systems Engineer
CyberStrategies, Inc
ph. 909-920-9154 ext. 27


---------------------------------------------------------------------
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/           (the list archive)

To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php

Reply via email to