Securest? Yes, maybe. But first of all the security of a web site does not 
depend on the password encoding system (PASSWORD or MD5) you use in the 
MySQL database. (I mean firewalls, good OS, so on.)

At 00:32 2002.08.29. -0400, you wrote:
>so md5 would be the securest way to handle password security for a website?
>
>
>Randy
>----- Original Message -----
>From: "Daniel Kiss" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Sent: Thursday, August 29, 2002 12:19 AM
>Subject: Re: mysql password ( )
>
>
> > Hi,
> >
> > The password() function is a "one way encoder". In other words it just
> > generates some kind of checksum of the input parameter.
> > So you cannot decrypt them, but it is much safer than encrypting and
> > decrypting strings, because even the attacker cannot decrypt them. :-)
> >
> > You can use it this way for example:
> >
> > Let's say my password is: abcdef
> >
> > Password('abcdef') -> 0bc7a0b7062090d5 (You must store this checksum in the
> > database.)
> >
> > When you want to check if the password entered by the user is correct, you
> > need to do this:
> >
> > The password entered by the user: abcdeg
> >
> > You call the password function:
> >
> > Password('abcdeg') -> 0bc7a2b806208ed6
> >
> > Compare the stored checksum and this one: NOT EQUAL -> entered password is bad
> >
> >
> > Notice that if there is only a small difference between the right and the
> > entered words the checksum will be different in many aspects. That's why it
> > is quite safe.
> >
> > But you can get better protection if you use the MD5 function. It works the
> > same way as the password function, but generates a 32-character-long
> > checksum instead of 16.
> >
> >
> >
> > At 10:47 2002.08.28. -0600, you wrote:
> > >I have used the mysql password(\"$pass \") function in the past to encrypt
> > >passwords into the db, but cannot decrypt them if needed. I know this is
> > >not something new.
> > >
> > >Is there a better way to protect passwords in the db and then decrypt them
> > >if needed?
> > >
> > >Thanks
> > >
> > >Mark
> > >
> > >
> > >---------------------------------------------------------------------
> > >Before posting, please check:
> > >    http://www.mysql.com/manual.php  (the manual)
> > >    http://lists.mysql.com/          (the list archive)
> > >
> > >To request this thread, e-mail <[EMAIL PROTECTED]>
> > >To unsubscribe, e-mail <[EMAIL PROTECTED]>
> > >Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php


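An added example, not part of the original messages: the store-then-compare flow described in the quoted reply, written in Python, first with an unsalted MD5 checksum and then with a per-user salt and an iterated hash (PBKDF2), which goes beyond what the thread proposes. The function names and the record format are assumptions made for this illustration.

```python
import hashlib
import hmac
import os


def md5_checksum(password: str) -> str:
    """Unsalted MD5 hex digest (32 characters), the scheme suggested in the thread."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def make_record(password: str, iterations: int = 200_000) -> str:
    """Return a storable record: algorithm, cost, per-user salt and derived key."""
    salt = os.urandom(16)  # a fresh random salt for every stored password
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${key.hex()}"


def verify(password: str, record: str) -> bool:
    """Recompute the key from the entered password and compare in constant time."""
    try:
        algo, iterations, salt_hex, key_hex = record.split("$")
        if algo != "pbkdf2_sha256":
            return False
        salt, stored = bytes.fromhex(salt_hex), bytes.fromhex(key_hex)
        key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iterations))
    except ValueError:  # malformed record: wrong field count, bad hex, bad cost
        return False
    return hmac.compare_digest(key, stored)


if __name__ == "__main__":
    # Constructed sample data: two users who happen to pick the same password.
    users = {"alice": "abcdef", "bob": "abcdef"}

    # Unsalted checksum: equal passwords give equal stored values, so one
    # leaked table row reveals every account sharing that password.
    unsalted = {name: md5_checksum(pw) for name, pw in users.items()}
    print("unsalted equal:", unsalted["alice"] == unsalted["bob"])

    # Salted, iterated hash: the stored records differ, yet each still verifies.
    salted = {name: make_record(pw) for name, pw in users.items()}
    print("salted equal:  ", salted["alice"] == salted["bob"])
    print("correct login: ", verify("abcdef", salted["alice"]))
    print("wrong login:   ", verify("abcdeg", salted["alice"]))
```

The record keeps the algorithm name and iteration count next to the salt, so the cost can be raised later without invalidating records that are already stored.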