Hi,

The password() function is a "one way encoder". In other words it just 
generates some kind of checksum of the input parameter.
So you cannot decrypt them, but it is much safer than encrypting and 
decrypting strings, because even the attacker cannot decrypt them. :-)

You can use it this way for example:

Let's say my password is: abcdef

Password('abcdef') -> 0bc7a0b7062090d5 (You must store this checksum in the 
database.)

When you want to check if the password entered by the user is correct, you 
need to do this:

The password entered by the user: abcdeg

You call the password function:

Password('abcdeg') -> 0bc7a2b806208ed6

Compare the stored checksum and this one: NOT EQUAL -> entered password is bad


Notice that if there is only a small difference between the right and the 
entered words the checksum will be different in many aspects. That's why it 
is quite safe.

But you can get better protection if you use the MD5 function. It works the 
same way as the password function, but generates a 32-character-long 
checksum instead of 16.



At 10:47 2002.08.28._ -0600, you wrote:
>I have used the mysql password("$pass ") function in the past to encrypt
>passwords into the db, but cannot decrypt them if needed. I know this is
>not something new.
>
>Is there a better way to protect passwords in the db and then decrypt them
>if needed ?
>
>Thanks
>
>Mark
>
>
>---------------------------------------------------------------------
>Before posting, please check:
>    http://www.mysql.com/manual.php   (the manual)
>    http://lists.mysql.com/           (the list archive)
>
>To request this thread, e-mail <[EMAIL PROTECTED]>
>To unsubscribe, e-mail <[EMAIL PROTECTED]>
>Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
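
The store-and-compare flow described in the message above, as an added example that is not part of the original thread: only a salt and a one-way digest are kept in the table, and the entered password is re-hashed at login and compared. It swaps salted PBKDF2-HMAC-SHA256 from Python's standard library in place of PASSWORD()/MD5; the table layout, user name, iteration count and function names are assumptions made for the example.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 200_000  # PBKDF2 work factor (assumed value for this example)


def hash_password(password: str, salt: bytes) -> bytes:
    """One-way, salted, deliberately slow digest of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_db() -> sqlite3.Connection:
    """In-memory table standing in for the real user table (assumed layout)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, digest BLOB)")
    return db


def register(db: sqlite3.Connection, user: str, password: str) -> None:
    """Store only the salt and the digest, never the password itself."""
    salt = os.urandom(16)
    db.execute("INSERT INTO users (name, salt, digest) VALUES (?, ?, ?)",
               (user, salt, hash_password(password, salt)))


def check_login(db: sqlite3.Connection, user: str, entered: str) -> bool:
    """Re-hash the entered password with the stored salt and compare digests."""
    row = db.execute("SELECT salt, digest FROM users WHERE name = ?", (user,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(stored, hash_password(entered, salt))


def md5_bits_changed(a: str, b: str) -> int:
    """Count the bits that differ between the MD5 digests of two inputs."""
    da = int.from_bytes(hashlib.md5(a.encode()).digest(), "big")
    db_ = int.from_bytes(hashlib.md5(b.encode()).digest(), "big")
    return bin(da ^ db_).count("1")


if __name__ == "__main__":
    db = make_db()
    register(db, "mark", "abcdef")            # constructed sample account
    print(check_login(db, "mark", "abcdef"))  # right password
    print(check_login(db, "mark", "abcdeg"))  # one character off
    print(md5_bits_changed("abcdef", "abcdeg"), "of 128 MD5 bits differ")
```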

