Securest? Yes, maybe. But first of all, the security of a web site does not depend on the password encoding system (PASSWORD or MD5) you use in the MySQL database. (I mean firewalls, good OS, and so on.)

At 00:32 2002.08.29. -0400, you wrote:
>so md5 would be the securest way to handle password security for a website?
>
>
>Randy
>----- Original Message -----
>From: "Daniel Kiss" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Sent: Thursday, August 29, 2002 12:19 AM
>Subject: Re: mysql password ( )
>
>
> > Hi,
> >
> > The password() function is a "one way encoder". In other words it just
> > generates some kind of checksum of the input parameter.
> > So you cannot decrypt them, but it is much safer than encrypting and
> > decrypting strings, because even the attacker cannot decrypt them. :-)
> >
> > You can use it this way for example:
> >
> > Let's say my password is: abcdef
> >
> > Password('abcdef') -> 0bc7a0b7062090d5 (You must store this checksum in the
> > database.)
> >
> > When you want to check if the password entered by the user is correct, you
> > need to do this:
> >
> > The password entered by the user: abcdeg
> >
> > You call the password function:
> >
> > Password('abcdeg') -> 0bc7a2b806208ed6
> >
> > Compare the stored checksum and this one: NOT EQUAL -> entered password is bad
> >
> >
> > Notice that if there is only a small difference between the right and the
> > entered words the checksum will be different in many aspects. That's why it
> > is quite safe.
> >
> > But you can get better protecting if you use the MD5 function. It works the
> > same way than the password function, but generates 32 character long
> > checksum instead of 16.
> >
> >
> >
> > At 10:47 2002.08.28._ -0600, you wrote:
> > >I have used the mysql password(\"$pass \") function in the past to encrypt
> > >passwords into the db. but can not decrypt them if needed. I know this is
> > >not something new.
> > >
> > >Is there a better way to protect passwords in the db and then decrypt them
> > >if needed ?
> > >
> > >Thanks
> > >
> > >Mark
> > >
> > >
> > >---------------------------------------------------------------------
> > >Before posting, please check:
> > >   http://www.mysql.com/manual.php   (the manual)
> > >   http://lists.mysql.com/           (the list archive)
> > >
> > >To request this thread, e-mail <[EMAIL PROTECTED]>
> > >To unsubscribe, e-mail <[EMAIL PROTECTED]>
> > >Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
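
Added example, not part of the original thread: the store-and-compare flow described above, written in Python, with the unsalted MD5 checksum beside a salted, iterated PBKDF2 hash. The function names, the `iterations$salt$hash` storage format and the iteration count are assumptions made for this illustration; the passwords are the thread's own samples.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this example; tune per hardware


def md5_checksum(password: str) -> str:
    """Unsalted MD5: the 32-character checksum compared in the thread."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password: str) -> str:
    """Salted PBKDF2-HMAC-SHA256; returns 'iterations$salt_hex$hash_hex'."""
    salt = os.urandom(16)  # fresh random salt for every stored password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(entered: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    iterations, salt_hex, hash_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", entered.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(hash_hex))


def demo() -> dict:
    # Constructed sample data: two users who picked the same password.
    alice_md5, bob_md5 = md5_checksum("abcdef"), md5_checksum("abcdef")
    alice_kdf, bob_kdf = hash_password("abcdef"), hash_password("abcdef")
    return {
        # Same password -> same unsalted checksum in both rows.
        "md5_rows_identical": alice_md5 == bob_md5,
        # Per-row salt makes the stored values differ.
        "kdf_rows_identical": alice_kdf == bob_kdf,
        # Login checks: the wrong password 'abcdeg' is rejected either way.
        "md5_accepts_abcdeg": md5_checksum("abcdeg") == alice_md5,
        "kdf_accepts_abcdef": verify_password("abcdef", alice_kdf),
        "kdf_accepts_abcdeg": verify_password("abcdeg", alice_kdf),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Both schemes reject the mistyped password; the difference shows in the stored rows, where the unsalted checksum repeats for every user with the same password and the salted one does not.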