So MD5 would be the most secure way to handle password security for a website?


Randy
----- Original Message -----
From: "Daniel Kiss" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, August 29, 2002 12:19 AM
Subject: Re: mysql password ( )


> Hi,
>
> The password() function is a "one way encoder". In other words it just
> generates some kind of checksum of the input parameter.
> So you cannot decrypt them, but it is much safer than encrypting and
> decrypting strings, because even the attacker cannot decrypt them. :-)
>
> You can use it this way for example:
>
> Let's say my password is: abcdef
>
> Password('abcdef') -> 0bc7a0b7062090d5 (You must store this checksum in the
> database.)
>
> When you want to check if the password entered by the user is correct, you
> need to do this:
>
> The password entered by the user: abcdeg
>
> You call the password function:
>
> Password('abcdeg') -> 0bc7a2b806208ed6
>
> Compare the stored checksum and this one: NOT EQUAL -> entered password is bad
>
>
> Notice that if there is only a small difference between the right and the
> entered words the checksum will be different in many aspects. That's why it
> is quite safe.
>
> But you can get better protection if you use the MD5 function. It works the
> same way as the password function, but generates a 32 character long
> checksum instead of 16.
>
>
>
> At 10:47 2002.08.28._ -0600, you wrote:
> >I have used the mysql password("$pass ") function in the past to encrypt
> >passwords into the db, but cannot decrypt them if needed. I know this is
> >not something new.
> >
> >Is there a better way to protect passwords in the db and then decrypt them
> >if needed ?
> >
> >Thanks
> >
> >Mark
> >
> >
> >---------------------------------------------------------------------
> >Before posting, please check:
> >    http://www.mysql.com/manual.php   (the manual)
> >    http://lists.mysql.com/           (the list archive)
> >
> >To request this thread, e-mail <[EMAIL PROTECTED]>
> >To unsubscribe, e-mail <[EMAIL PROTECTED]>
> >Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
>
>



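The store-and-compare flow described in the quoted reply, as an added example that is not part of the original thread: it contrasts an unsalted MD5 checksum, where equal passwords always give equal stored values, with a per-user salted PBKDF2 hash checked in constant time. The function names, the record layout and the iteration count are assumptions made for this example.

```python
import hashlib
import hmac
import os

# Assumed work factor for this example; tune it to your own hardware.
PBKDF2_ITERATIONS = 200_000


def md5_checksum(password: str) -> str:
    """Unsalted MD5 hex digest (32 hex characters), the checksum style from the thread."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def make_record(password: str) -> dict:
    """Build the value to store: a random per-user salt plus a slow, salted hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return {"salt": salt.hex(), "iterations": PBKDF2_ITERATIONS, "hash": digest.hex()}


def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and iteration count, then compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        password.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    return hmac.compare_digest(digest.hex(), record["hash"])


if __name__ == "__main__":
    # Constructed accounts: two users who happen to choose the same password.
    users = {"alice": "abcdef", "bob": "abcdef"}
    print("unsalted MD5 column (equal passwords give equal rows):")
    for name, pw in users.items():
        print(f"  {name}: {md5_checksum(pw)}")
    print("salted PBKDF2 column (rows differ per user):")
    records = {name: make_record(pw) for name, pw in users.items()}
    for name, rec in records.items():
        print(f"  {name}: {rec['hash']}")
    print("login with 'abcdeg' accepted:", verify("abcdeg", records["alice"]))
```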