Jeremy Zawodny wrote:
On Mon, Dec 23, 2002 at 03:53:14PM -0700, Mark Stringham wrote:

I know the MySQL password( ) function is irreversible. I have also
been told that storing passwords in plain text is a bad idea. Can I
get a few suggestions of good ways to store passwords in the db?

Using MD5() is one of my favorite alternatives.

Jeremy

The way many systems handle passwords is that you store the password as a one-way encryption (MD5 or crypt() for example), then when you need to test if that is the right password, you encrypt the password they give you, then see if the two encrypted forms match.

That system makes breaking passwords much harder, since you have to brute force, not just have the reverse encryption key and then have access to all of the passwords.
--
Kevin
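
The store-then-compare flow described in the reply above, as an added example that is not part of the original thread. It assumes Python with an in-memory SQLite table standing in for the MySQL one, and it swaps the thread's plain MD5() for a per-user salt with PBKDF2-HMAC-SHA256; the table, function names and iteration count are hypothetical.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 100_000  # assumed work factor for this example; tune for your hardware


def hash_password(password, salt):
    """One-way derivation: the same password and salt always give the same bytes."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def open_db():
    """Create the (hypothetical) users table; the plaintext is never a column."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB NOT NULL, pw_hash BLOB NOT NULL)"
    )
    return db


def store_user(db, name, password):
    """Store a fresh random salt and the derived hash for this user."""
    salt = os.urandom(16)
    db.execute(
        "INSERT INTO users (name, salt, pw_hash) VALUES (?, ?, ?)",
        (name, salt, hash_password(password, salt)),
    )


def check_login(db, name, password):
    """Re-derive from the submitted password and compare with the stored hash."""
    row = db.execute(
        "SELECT salt, pw_hash FROM users WHERE name = ?", (name,)
    ).fetchone()
    if row is None:
        hash_password(password, b"\x00" * 16)  # do similar work for unknown users
        return False
    salt, stored = row
    return hmac.compare_digest(stored, hash_password(password, salt))


if __name__ == "__main__":
    db = open_db()
    store_user(db, "alice", "s3cret")  # constructed sample credentials
    print(check_login(db, "alice", "s3cret"), check_login(db, "alice", "guess"))
```

With a per-user salt, two accounts that share a password get different stored hashes, which an unsalted MD5() column does not give you.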

