Re: mysql apache md5

2011-03-07 Thread Johan De Meersman
Umm... I'm no crypto guru, but I've never heard of MD5 having variants, let 
alone a salt. MD5 is MD5 is MD5. APR, incidentally, is the Apache Runtime, 
afaik - part of the build kit for apache modules.

I strongly suspect your problem is on another level.


- Original Message -
 From: Edward avanti edward.ava...@gmail.com
 To: mysql@lists.mysql.com
 Sent: Monday, 7 March, 2011 5:54:02 AM
 Subject: Re: mysql apache md5
 
 everything to do with mysql
 I try make it clearer, sorry for not so in first post
 
 customer relationship manager add users into mysql
 we want not to use apache auth of encrypt, but use md5 for longer
 password
 apache use variant of md5, called md5 -apr, but mysql md5  only uses
 the -1
 type
 so, when CRM add user like
 INSERT INTO users  (..other`appass`) values  (...other...
 'MD5('$PASS')
   
 the md5 -1 that mysql uses is not compatible so apache auth fail. the
 variant is apparently add
 $apr1$up to 8 chars$md5passwordhere,
 making all above line the salted md5.
 I try to get mysql and apache to play nice, but they do not because
 mysql and
 apache not use same method, hence my attempt to work around, even SHA
 same
 effect, i am try use anything but DES encrypt('$PASS')
 sadly that only thing that work happily with each other.
 openssl have ability to do this so not sure why mysql not have option
 
 Sure someone had same problem and simple work around to have mysql
 use
 correct md5, but no google fu work
 

-- 
Beer with grenadine
Is like mustard with wine
She who drinks it is a prig
He who drinks it is soon an ass

-- 
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/mysql?unsub=arch...@jab.org



Re: mysql apache md5

2011-03-07 Thread Noel Butler
On Mon, 2011-03-07 at 13:51 +0100, Johan De Meersman wrote:

 Umm... I'm no crypto guru, but I've never heard of MD5 having variants, let 
 alone a salt. MD5 is MD5 is MD5. APR, incidentally, is the Apache Runtime, 
 afaik - part of the build kit for apache modules.
 
 I strongly suspect your problem is on another level.
 
 


Actually, he is correct. Though, the Apache variant of md5 is a chosen
improved security method, it really shouldn't be called MD5 since it is
not compatible with, well, base MD5 :)

http://httpd.apache.org/docs/2.2/misc/password_encryptions.html

MD5

$apr1$ + the result of an Apache-specific algorithm using an
iterated (1,000 times) MD5 digest of various combinations of a
random 32-bit salt and the password. See the APR source file
apr_md5.c for the details of the algorithm.



MD5

$ openssl passwd -apr1 myPassword
$apr1$qHDFfhPC$nITSVHgYbDAK1Y0acGRnY0 


I agree Apache should probably not be calling it MD5. Perhaps it needs
renaming and MD5 as we all know it, be, MD5.

and for this reason I will xpost to devs list for some clear (maybe)
explanation as to why it was called this.

I don't think Edward's questioning is unreasonable, given the popularity
of LAMP combination, they are touted to work hand in hand, but as he
pointed out, they are not, even exampled by openssl wanting -apr1  not
-md5 to be compatible, so I can see how
this would be a problem with MySQL insert of md5(foo)  not be recognised
by an Apache md5 wanting.


Noel





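Added example, not part of the original thread: a Python sketch of the `$apr1$` scheme as the quoted Apache documentation describes it (salted, 1,000 MD5 iterations, per `apr_md5.c`). It shows why prefixing `$apr1$salt$` to the output of MySQL's `MD5()` never verifies. The function names `apr1_hash`, `apr1_verify` and `naive_concat` are hypothetical; the sample hash is the `openssl passwd -apr1 myPassword` output quoted above.

```python
import hashlib
import hmac

# Alphabet used by crypt(3)-style encodings (not the standard Base64 order).
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
MAGIC = b"$apr1$"


def _to64(value: int, count: int) -> str:
    """Emit `count` characters, 6 bits each, least-significant group first."""
    out = []
    for _ in range(count):
        out.append(ITOA64[value & 0x3F])
        value >>= 6
    return "".join(out)


def apr1_hash(password: str, salt: str) -> str:
    """Return the $apr1$salt$hash string for `password` and `salt`."""
    pw = password.encode("utf-8")
    sp = salt.encode("ascii")[:8]  # the salt is at most 8 characters

    # Inner digest: MD5(password + salt + password).
    alt = hashlib.md5(pw + sp + pw).digest()

    # Outer digest starts with password + magic + salt ...
    ctx = hashlib.md5(pw + MAGIC + sp)
    # ... then one byte of the inner digest per password byte, 16 at a time ...
    remaining = len(pw)
    while remaining > 0:
        ctx.update(alt[:min(16, remaining)])
        remaining -= 16
    # ... then a NUL or the first password byte for each bit of the length.
    n = len(pw)
    while n:
        ctx.update(b"\x00" if n & 1 else pw[:1])
        n >>= 1
    final = ctx.digest()

    # The 1,000 iterations mentioned in the Apache documentation.
    for i in range(1000):
        c = hashlib.md5()
        c.update(pw if i & 1 else final)
        if i % 3:
            c.update(sp)
        if i % 7:
            c.update(pw)
        c.update(final if i & 1 else pw)
        final = c.digest()

    # Digest bytes are shuffled before encoding; the result is 22 characters.
    order = ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5))
    encoded = "".join(
        _to64((final[a] << 16) | (final[b] << 8) | final[c], 4)
        for a, b, c in order
    ) + _to64(final[11], 2)
    return "$apr1$" + sp.decode("ascii") + "$" + encoded


def apr1_verify(password: str, stored: str) -> bool:
    """Check a password against a stored $apr1$salt$hash string."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "" or parts[1] != "apr1":
        return False
    salt = parts[2]
    if not salt or len(salt) > 8 or any(ch not in ITOA64 for ch in salt):
        return False
    candidate = apr1_hash(password, salt)
    return hmac.compare_digest(candidate.encode("utf-8"), stored.encode("utf-8"))


def naive_concat(password: str, salt: str) -> str:
    """The '$apr1$salt$' prefix glued onto what MySQL's MD5(password) returns."""
    return "$apr1$" + salt + "$" + hashlib.md5(password.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    quoted = "$apr1$qHDFfhPC$nITSVHgYbDAK1Y0acGRnY0"  # value quoted in the thread
    print("matches quoted openssl output:", apr1_hash("myPassword", "qHDFfhPC") == quoted)
    print("naive concat verifies:", apr1_verify("myPassword", naive_concat("myPassword", "qHDFfhPC")))
```

The value has to be computed by the application before the INSERT, because `MD5()` in SQL returns only the plain 32-character hex digest.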


Re: mysql apache md5

2011-03-06 Thread Reindl Harald
Sorry but what about are you speaking?
what are you doing?
and what has this to do with mysql?

On 06.03.2011 05:34, Edward avanti wrote:
 Hi, I am having all sorts of problem getting apache to accept its MD5
 version, this is from a CRM using perl
  I've tried concat $apr1$foo$  and md5(bar)
 as best I can tell It doesn't like the md5 part
 
 Is there any way to get this to work? the only thing that does is encrypt,
 and that's sad, with only 8 characters in an age where we encourage long and
 complicated pass phrases
 
 Be nice if MySQL planning on making this compatible some time? maybe with
 APR(bar)  or whatever? because at the moment, LAMP, is not such a marriage
 in such important ways, it amazing.





Re: mysql apache md5

2011-03-06 Thread Edward avanti
On Sun, Mar 6, 2011 at 9:35 PM, Reindl Harald h.rei...@thelounge.net wrote:

 Sorry but what about are you speaking?
 what are you doing?
 and what has this to do with mysql?


everything to do with mysql
I try make it clearer, sorry for not so in first post

customer relationship manager add users into mysql
we want not to use apache auth of encrypt, but use md5 for longer password
apache use variant of md5, called md5 -apr, but mysql md5  only uses the -1
type
so, when CRM add user like
INSERT INTO users  (..other`appass`) values  (...other... 'MD5('$PASS')
  
the md5 -1 that mysql uses is not compatible so apache auth fail. the
variant is apparently add
$apr1$up to 8 chars$md5passwordhere,
making all above line the salted md5.
I try to get mysql and apache to play nice, but they do not because mysql and
apache not use same method, hence my attempt to work around, even SHA same
effect, i am try use anything but DES encrypt('$PASS')
sadly that only thing that work happily with each other.
openssl have ability to do this so not sure why mysql not have option

Sure someone had same problem and simple work around to have mysql use
correct md5, but no google fu work











mysql apache md5

2011-03-05 Thread Edward avanti
Hi, I am having all sorts of problem getting apache to accept its MD5
version, this is from a CRM using perl
 I've tried concat $apr1$foo$  and md5(bar)
as best I can tell It doesn't like the md5 part

Is there any way to get this to work? the only thing that does is encrypt,
and that's sad, with only 8 characters in an age where we encourage long and
complicated pass phrases

Be nice if MySQL planning on making this compatible some time? maybe with
APR(bar)  or whatever? because at the moment, LAMP, is not such a marriage
in such important ways, it amazing.


Ed


FW: Re: MD5()

2007-03-12 Thread Neil Tompkins
I thought the DES_ENCRYPT/DES_DECRYPT  functions were released in mysql 
version 4 however they work with my version of mySQL 3.23 ?


Neil





From: Neil Tompkins [EMAIL PROTECTED]
To: mysql@lists.mysql.com
Subject: FW: Re: MD5()
Date: Sat, 10 Mar 2007 18:24:19 +

Strange the DES_ENCRYPT/DES_DECRYPT  functions work with my version of 
mySQL 3.23





From: Neil Tompkins [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
CC: mysql@lists.mysql.com
Subject: Re: MD5()
Date: Sat, 10 Mar 2007 18:20:43 +

DES_ENCRYPT/DES_DECRYPT appears to be what we require.

Thanks
Neil






From: Mogens Melander [EMAIL PROTECTED]
To: Neil Tompkins [EMAIL PROTECTED]
CC: mysql@lists.mysql.com
Subject: Re: MD5()
Date: Sat, 10 Mar 2007 12:19:53 +0100 (CET)

Or you might want to take a look at DES_ENCRYPT/DES_DECRYPT
functions in the mysql manual.

On Sat, March 10, 2007 11:18, Ian P. Christian wrote:
 Neil Tompkins wrote:
 I'm looking to use MD5() to encrypt credit card numbers.  How do I
 unencrypt this when reading the value ?


 you can't.
 Google for MD5, or better still look at wikipedia, I'm sure they will
 have something

 --
 Ian P. Christian ~ http://pookey.co.uk




RE: FW: Re: MD5()

2007-03-12 Thread Neil Tompkins


I just tried and it appears the functions DO NOT work in version 3.23




From: Neil Tompkins [EMAIL PROTECTED]
To: mysql@lists.mysql.com
Subject: FW: Re: MD5()
Date: Mon, 12 Mar 2007 09:28:27 +

I thought the DES_ENCRYPT/DES_DECRYPT  functions were released in mysql 
version 4 however they work with my version of mySQL 3.23 ?


Neil





From: Neil Tompkins [EMAIL PROTECTED]
To: mysql@lists.mysql.com
Subject: FW: Re: MD5()
Date: Sat, 10 Mar 2007 18:24:19 +

Strange the DES_ENCRYPT/DES_DECRYPT  functions work with my version of 
mySQL 3.23





From: Neil Tompkins [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
CC: mysql@lists.mysql.com
Subject: Re: MD5()
Date: Sat, 10 Mar 2007 18:20:43 +

DES_ENCRYPT/DES_DECRYPT appears to be what we require.

Thanks
Neil






From: Mogens Melander [EMAIL PROTECTED]
To: Neil Tompkins [EMAIL PROTECTED]
CC: mysql@lists.mysql.com
Subject: Re: MD5()
Date: Sat, 10 Mar 2007 12:19:53 +0100 (CET)

Or you might want to take a look at DES_ENCRYPT/DES_DECRYPT
functions in the mysql manual.

On Sat, March 10, 2007 11:18, Ian P. Christian wrote:
 Neil Tompkins wrote:
 I'm looking to use MD5() to encrypt credit card numbers.  How do I
 unencrypt this when reading the value ?


 you can't.
 Google for MD5, or better still look at wikipedia, I'm sure they will
 have something

 --
 Ian P. Christian ~ http://pookey.co.uk




MD5()

2007-03-10 Thread Neil Tompkins
I'm looking to use MD5() to encrypt credit card numbers.  How do I unencrypt 
this when reading the value ?


Thanks,
Neil




Re: MD5()

2007-03-10 Thread Ian P. Christian

Neil Tompkins wrote:
I'm looking to use MD5() to encrypt credit card numbers.  How do I 
unencrypt this when reading the value ?




you can't.
Google for MD5, or better still look at wikipedia, I'm sure they will 
have something


--
Ian P. Christian ~ http://pookey.co.uk




Re: MD5()

2007-03-10 Thread Neil Tompkins

What do you recommend I use ?




From: Ian P. Christian [EMAIL PROTECTED]
To: Neil Tompkins [EMAIL PROTECTED]
CC: mysql@lists.mysql.com
Subject: Re: MD5()
Date: Sat, 10 Mar 2007 10:18:41 +

Neil Tompkins wrote:
I'm looking to use MD5() to encrypt credit card numbers.  How do I 
unencrypt this when reading the value ?




you can't.
Google for MD5, or better still look at wikipedia, I'm sure they will have 
something


--
Ian P. Christian ~ http://pookey.co.uk





Re: MD5()

2007-03-10 Thread Ian P. Christian

Neil Tompkins wrote:

What do you recommend I use ?


http://dev.mysql.com/doc/refman/5.0/en/encryption-functions.html

That should help you.

However... keep in mind that if your application is likely to be 
accessing this data all the time anyway, if someone compromises your 
database, chances are they will compromise your code, leaving to them 
being able to get your key, and then decrypt all your data anyway.


I'm not saying encrypting it in the database is pointless, it's just far 
from enough to say your data is secure.


A quick google on the subject returned this:

http://forums.mysql.com/read.php?30,14020,14020

which honestly, I've not read - but you might want to :)


--
Ian P. Christian ~ http://pookey.co.uk




Re: MD5()

2007-03-10 Thread Neil Tompkins
The problem I have is our mysql database version is 3.23 and we are not in a 
position to upgrade.





From: Ian P. Christian [EMAIL PROTECTED]
To: Neil Tompkins [EMAIL PROTECTED]
CC: mysql@lists.mysql.com
Subject: Re: MD5()
Date: Sat, 10 Mar 2007 10:24:45 +

Neil Tompkins wrote:

What do you recommend I use ?


http://dev.mysql.com/doc/refman/5.0/en/encryption-functions.html

That should help you.

However... keep in mind that if your application is likely to be accessing 
this data all the time anyway, if someone compromises your database, 
chances are they will compromise your code, leaving to them being able to 
get your key, and then decrypt all your data anyway.


I'm not saying encrypting it in the database is pointless, it's just far 
from enough to say your data is secure.


A quick google on the subject returned this:

http://forums.mysql.com/read.php?30,14020,14020

which honestly, I've not read - but you might want to :)


--
Ian P. Christian ~ http://pookey.co.uk





Re: MD5()

2007-03-10 Thread Ian P. Christian

Neil Tompkins wrote:
The problem I have is our mysql database version is 3.23 and we are not 
in a position to upgrade.


Because you are unlikely to be selecting on this data directly, you 
could use functions of whatever language you're using to connect to the 
database... for example if you're using PHP...


http://uk2.php.net/manual/en/ref.mcrypt.php

I hope to god though your reason for not upgrading is because this is a 
shared host you're planning on storing credit card details on. Make 
sure you give the users a chance to opt out of you keeping that kind of 
data, and remember to never store the CVV number.


--
Ian P. Christian ~ http://pookey.co.uk




Re: MD5()

2007-03-10 Thread Mogens Melander
Or you might want to take a look at DES_ENCRYPT/DES_DECRYPT
functions in the mysql manual.

On Sat, March 10, 2007 11:18, Ian P. Christian wrote:
 Neil Tompkins wrote:
 I'm looking to use MD5() to encrypt credit card numbers.  How do I
 unencrypt this when reading the value ?


 you can't.
 Google for MD5, or better still look at wikipedia, I'm sure they will
 have something

 --
 Ian P. Christian ~ http://pookey.co.uk




-- 
Later

Mogens Melander
+45 40 85 71 38
+66 870 133 224






Re: MD5()

2007-03-10 Thread Aaron Cannon


Before you implement anything, I would do a lot of research about
encryption.  No offense, but from your question, it is clear that you know
next to nothing about encryption.  That's fine.  A few years ago, I was the
exact same way.  However, encryption is somewhat complex, so if you're going
to do it, you should do it right.  In my opinion, poorly implemented
encryption can be worse than no encryption at all.

You should also think carefully before storing customers credit card
numbers.  You should seriously consider whether or not it is really
necessary to do so.  If it is simply for the purpose of rebilling, a lot of
credit card processing API's will handle this for you.

Finally, what another poster said is right on the money.  If you are in a
shared hosting environment, do not even think about handling customers
credit cards.  There are too many ways security can be compromised on such
systems.  If that is in fact the case, I would suggest you outsource the
customer billing.  Remember also that security breaches of this type can
seriously damage the reputation of any organization.

Aaron


--
Skype: cannona
MSN/Windows Messenger: [EMAIL PROTECTED] (don't send email to the hotmail
address.)
- Original Message -
From: Neil Tompkins [EMAIL PROTECTED]
To: mysql@lists.mysql.com
Sent: Saturday, March 10, 2007 4:17 AM
Subject: MD5()



I'm looking to use MD5() to encrypt credit card numbers.  How do I
unencrypt this when reading the value ?

Thanks,
Neil




Re: MD5()

2007-03-10 Thread Neil Tompkins

DES_ENCRYPT/DES_DECRYPT appears to be what we require.

Thanks
Neil






From: Mogens Melander [EMAIL PROTECTED]
To: Neil Tompkins [EMAIL PROTECTED]
CC: mysql@lists.mysql.com
Subject: Re: MD5()
Date: Sat, 10 Mar 2007 12:19:53 +0100 (CET)

Or you might want to take a look at DES_ENCRYPT/DES_DECRYPT
functions in the mysql manual.

On Sat, March 10, 2007 11:18, Ian P. Christian wrote:
 Neil Tompkins wrote:
 I'm looking to use MD5() to encrypt credit card numbers.  How do I
 unencrypt this when reading the value ?


 you can't.
 Google for MD5, or better still look at wikipedia, I'm sure they will
 have something

 --
 Ian P. Christian ~ http://pookey.co.uk




FW: Re: MD5()

2007-03-10 Thread Neil Tompkins
Strange the DES_ENCRYPT/DES_DECRYPT  functions work with my version of mySQL 
3.23





From: Neil Tompkins [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
CC: mysql@lists.mysql.com
Subject: Re: MD5()
Date: Sat, 10 Mar 2007 18:20:43 +

DES_ENCRYPT/DES_DECRYPT appears to be what we require.

Thanks
Neil






From: Mogens Melander [EMAIL PROTECTED]
To: Neil Tompkins [EMAIL PROTECTED]
CC: mysql@lists.mysql.com
Subject: Re: MD5()
Date: Sat, 10 Mar 2007 12:19:53 +0100 (CET)

Or you might want to take a look at DES_ENCRYPT/DES_DECRYPT
functions in the mysql manual.

On Sat, March 10, 2007 11:18, Ian P. Christian wrote:
 Neil Tompkins wrote:
 I'm looking to use MD5() to encrypt credit card numbers.  How do I
 unencrypt this when reading the value ?


 you can't.
 Google for MD5, or better still look at wikipedia, I'm sure they will
 have something

 --
 Ian P. Christian ~ http://pookey.co.uk




password(), sha1() and md5()

2005-08-18 Thread Martin Schwarz

Hello!

I am facing the following problem:

When using
'update TABLE set FIELD=PASSWORD('foo');'
the query
'select * from TABLE where FIELD=PASSWORD('foo');'
delivers an empty set.

Same with the SHA1 or MD5 functions.
I am using Mac OS X Tiger (same problem with Panther) and MySQL 
4.1.12-standard.
First I thought the problem lies in text encoding of the terminal. But 
using Java and the JConnector 3.1.10 didn't help.
Trying on WinXP produced a correct behavior using PASSWORD(), but SHA1() 
and MD5() failed also.


Any suggestions?

Kind regards
Martin




Re: password(), sha1() and md5()

2005-08-18 Thread Felix Geerinckx
On 18/08/2005, Martin Schwarz wrote:

 When using
 'update TABLE set FIELD=PASSWORD('foo');'
 the query
 'select * from TABLE where FIELD=PASSWORD('foo');'
 delivers an empty set.
 
 Same with the SHA1 or MD5 functions.

What is the data type of your FIELD column?

-- 
felix




Storing manually diggested Passwords with MD5

2005-08-11 Thread C.F. Scheidecker Antunes

Hello all,

Is there any function that I could use on a SQL statement to store a 
password on a table manually using an algorithm like MD5?


Thanks,

C.F.




RE: Storing manually diggested Passwords with MD5

2005-08-11 Thread Partha Dutta
MySQL actually has an MD5() function:

mysql> select MD5('password');
+----------------------------------+
| MD5('password')                  |
+----------------------------------+
| 5f4dcc3b5aa765d61d8327deb882cf99 |
+----------------------------------+
1 row in set (0.18 sec)



Partha

--
Partha Dutta, Senior Consultant
MySQL Inc, NY, USA, www.mysql.com
 
Are you MySQL certified?  www.mysql.com/certification
 
 -Original Message-
 From: C.F. Scheidecker Antunes [mailto:[EMAIL PROTECTED]
 Sent: Thursday, August 11, 2005 7:21 PM
 To: mysql@lists.mysql.com
 Subject: Storing manually diggested Passwords with MD5
 
 Hello all,
 
 Is there any function that I could use on a SQL statement to store a
 password on a table manually using an algorithm like MD5?
 
 Thanks,
 
 C.F.
 



Re: Storing manually diggested Passwords with MD5

2005-08-11 Thread C.F. Scheidecker Antunes

I am sorry. I meant another thing and wrote something else.

If I issue:  INSERT INTO table1 values ('username',MD5('password'))

I will have the password stored in the database with MD5.

What I actually need is a manual way to get the password back, that is 
decoding it.


By using a software this is easy but what I want to know is by using a 
simple query operation.


Is there any functions that I can use inside a SELECT statement that 
would show the password decoded?


Thanks,

C.F.

C.F. Scheidecker Antunes wrote:


Hello all,

Is there any function that I could use on a SQL statement to store a 
password on a table manually using an algorithm like MD5?


Thanks,

C.F.






Re: Storing manually diggested Passwords with MD5

2005-08-11 Thread Mike Wexler

C.F. Scheidecker Antunes wrote:


I am sorry. I meant another thing and wrote something else.

If I issue:  INSERT INTO table1 values ('username',MD5('password'))

I will have the password stored in the database with MD5.

What I actually need is a manual way to get the password back, that is 
decoding it.


By using a software this is easy but what I want to know is by using a 
simple query operation.


Is there any functions that I can use inside a SELECT statement that 
would show the password decoded?


MD5 is not reversible.
But you could do something like
   SELECT password=MD5(?)
to see if the password they supplied matches the one that was previously 
stored.




Thanks,

C.F.

C.F. Scheidecker Antunes wrote:


Hello all,

Is there any function that I could use on a SQL statement to store a 
password on a table manually using an algorithm like MD5?


Thanks,

C.F.









Re: Storing manually diggested Passwords with MD5

2005-08-11 Thread Jasper Bryant-Greene

C.F. Scheidecker Antunes wrote:

I will have the password stored in the database with MD5.

What I actually need is a manual way to get the password back, that is 
decoding it.


The whole point of MD5 is that you cannot decode it once encoded.

When someone enters their password, just MD5 what they entered and 
compare it to the database. If it matches, they got it right. If not, 
they didn't.


Jasper




Re: functions md5, crypt

2005-03-22 Thread Gleb Paharenko
Hello.



See:

  http://dev.mysql.com/doc/mysql/en/encryption-functions.html





symbulos partners [EMAIL PROTECTED] wrote:

 Dear friends,

 

 where is the description of the functions md5 in the manual? where is the 

 description of the function crypt()?

 

 are there are good alternatives?






functions md5, crypt

2005-03-21 Thread symbulos partners
Dear friends,

where is the description of the functions md5 in the manual? where is the 
description of the function crypt()?

are there are good alternatives?
-- 
symbulos partners
-.-
symbulos - ethical services for your organisation
http://www.symbulos.com




RE: functions md5, crypt

2005-03-21 Thread Tom Crimmins

On Monday, March 21, 2005 09:27, symbulos partners wrote:

 Dear friends,
 
 where is the description of the functions md5 in the manual? where is
 the description of the function crypt()?
 
 are there are good alternatives?

http://dev.mysql.com/doc/mysql/en/encryption-functions.html

-- 
Tom Crimmins
Interface Specialist
Pottawattamie County, Iowa




Re: functions md5, crypt

2005-03-21 Thread Michael Stassen
Tom Crimmins wrote:

 On Monday, March 21, 2005 09:27, symbulos partners wrote:

  Dear friends,

  where is the description of the functions md5 in the manual? where is
  the description of the function crypt()?

  are there any good alternatives?

 http://dev.mysql.com/doc/mysql/en/encryption-functions.html

Which is the first hit if you enter md5 crypt in the manual's search box.

Michael



Re: functions md5, crypt

2005-03-21 Thread symbulos partners
On Monday 21 Mar 2005 16:32, Michael Stassen wrote:
 Which is the first hit if you enter md5 crypt in the manual's search box.

I use the manual offline, because my connection is too slow.

I wonder why the encryption-function chapter is not in my manual.

-- 
symbulos partners
-.-
symbulos - ethical services for your organisation
http://www.symbulos.com




Re: functions md5, crypt

2005-03-21 Thread Martijn Tonies
Please stop writing high priority e-mails to a mailinglist.

Although the problem might be important for you, it's in no
way important for the receiver (which is quite a lot of people).

People will answer mailinglist questions for free, in their time.


I hope you understand.

--
Martijn Tonies





Password (str) vs. MD5 (str)

2004-12-06 Thread lbochicc
does anyone know what type of encryption is used in the PASSWORD(str)
function?  When would you use the MD5 vs the PASSWORD function?

We have a campus standard to use the MD5 encryption so I need to confirm
if the PASSWORD function will offer that or not.

Thanks,
Lauren




Re: Password (str) vs. MD5 (str)

2004-12-06 Thread Jim Winstead
On Mon, Dec 06, 2004 at 04:21:38PM -0600, [EMAIL PROTECTED] wrote:
 does anyone know what type of encryption is used in the PASSWORD(str)
 function?  When would you use the MD5 vs the PASSWORD function?
 
 We have a campus standard to use the MD5 encryption so I need to confirm
 if the PASSWORD function will offer that or not.

As the manual says, the PASSWORD() function should not be used within
your application. It is meant only for use with the built-in MySQL
privilege tables.

Use MD5() or SHA1() for your own applications.

Jim Winstead
MySQL Inc.




Re: md5 and table field types

2004-04-06 Thread Egor Egorov
Andy B [EMAIL PROTECTED] wrote:
 hi...

 what would be the best field type and length for an md5 encrypted password sort of 
 thing??

You can store it in the CHAR(32) column (or VARCHAR(32)).



-- 
For technical support contracts, goto https://order.mysql.com/?ref=ensita
This email is sponsored by Ensita.net http://www.ensita.net/
   __  ___ ___   __
  /  |/  /_ __/ __/ __ \/ /Egor Egorov
 / /|_/ / // /\ \/ /_/ / /__   [EMAIL PROTECTED]
/_/  /_/\_, /___/\___\_\___/   MySQL AB / Ensita.net
   ___/   www.mysql.com







Re: md5 and table field types

2004-04-06 Thread Fagyal, Csongor
Egor Egorov wrote:

Andy B [EMAIL PROTECTED] wrote:
 

hi...

what would be the best field type and length for an md5 encrypted password sort of thing??
   

You can store it in the CHAR(32) column (or VARCHAR(32)).

Or for binary MD5 (and not the hex version) a TINYBLOB(16) should also 
be OK. (And it's shorter.)

- Cs.



table dumps and md5

2004-04-02 Thread Andy B
Hi,

Is it totally possible that when dumping a db to a text file with mysqldump that any 
encrypted stuff in the tables will be lost? When I mean lost I mean that it isn't the 
same in a text file as it is when it was originally encrypted.  I have a problem with 
creating a table with encrypted passwords with md5, dumping it to a text file with 
mysqldump and then running that script on a different server. For some strange reason 
the encrypted passwords lose their encrypted state and are nothing more now than text 
strings. Is there any way to preserve the state of md5 encrypted fields when doing a 
mysqldump?



md5 and table field types

2004-04-02 Thread Andy B
hi...

what would be the best field type and length for an md5 encrypted password sort of 
thing??



MD5-read permission?

2003-08-14 Thread Lefevre, Steven
Hey folks -

While contemplating the design of a secure web database, an idea struck me.
I'm thinking of submitting it as a feature request, so please critique it.

I'm having php handle user logon with its .htaccess emulation. I'm storing
usernames and password hashes in a table. The problem is that php needs to
open MySQL with *some user* with *some permission*, just to read the user
table and check the password. So, it seems that I have to store the password
plaintext somewhere in some php file.

(I asked the list about this earlier and several others had great
suggestions on how to hide this plain-text password -- Thanks Rob! -- but,
can we make it better?)

So if some wily hacker were to get the contents of this php file, s/he would
get a username and password for the database. Now of course, I'm only going
to give this user permission to read the user database, and all the
passwords are hashed... but :

I propose a new permission that I will call MD5read. It's like select, only
it just returns hashes.


So, say you do something like:

SELECT password FROM user;

49726b60ccbf03d6c619632e1db6
f8ec2c9d79b5f969a96be968e7152bbd


SELECT username, password FROM user;

24424b444b80831b677594a238f81dd9 | 4549625d8275b97b9b4f9662f1c550fa
1e5143d05b327f7d3cce15f9e3e44ad2 | fe3b4b388a69ceed38d6a0066e6a221b


SELECT username+password+somethingelse FROM user;

49726b60ccbf03d6c619632e1db6
f8ec2c9d79b5f969a96be968e7152bbd



So that way, if someone gets the username/password for this user, they can't
get any data off of the database.

One thing you have to watch is that you don't use the md5 function for a
user that has only md5read permission, because that would double-hash it,
and whatever you're checking would fail.

I know you can do
SELECT md5(username), md5(password) FROM user
(or whatever the syntax is), but the user doing that has to have read
permission already. So if a hacker gets that username and password, they are
probably not going to hash data they are trying to get out of the database.

I would feel safe storing a user's name and password in a plain text php
script if they had only this permission.

Is this useful? Are there any flaws in my reasoning?








Re: MD5-read permission?

2003-08-14 Thread Mark Jay Johansen
While I understand the concern, it shouldn't be any easier for a hacker to 
see the raw text of your PHP files than to get directly to your database 
files. Neither is normally permitted by the web server. So if he somehow can 
get in and get one, why not the other? 

That said, if it makes you feel more comfortable, you could create a user id 
that has permission only to read the user table -- no other tables, no other 
access. If the passwords on the user table are encrypted, then even if he 
could somehow access your database without going through one of your 
existing programs, all he could find out would be user names and not 
passwords. I suppose you could encrypt user names on that table too, and 
then you'd have exactly what you're looking for. 

In any case, even if a hacker could somehow see your PHP files and get a 
password, then unless you have the mySQL port open to the world, there's no 
way for him to do his own query unless he can also somehow drop PHP or 
whatever files on your system and run them. Unless you have your mySQL port 
open to the world, which would be a way bigger security risk than anything 
you've discussed so far. If you don't have a firewall that keeps the world 
out of your PHP port, you should at least have  your ids set up to only 
allow local access. 

2003. 8. 14. ... 12:50.Nils Valentin :
while the general idea sounds not too bad, I guess the bad guess would
I meant the bad guys - what a silly typo ;-) 

just use an undecrypt function which they either develop themselves or get from
somewhere.

2003. 8. 14. ... 03:07.Lefevre, Steven :
 Hey folks -

 While contemplating the design of a secure web database, an idea struck
 me. I'm thinking of submitting it as a feature request, so please
 critique it.

 I'm having php handle user logon with its .htaccess emulation. I'm
 storing usernames and password hashes in a table. The problem is that php
 needs to open MySQL with *some user* with *some permission*, just to read
 the user table and check the password. So, it seems that I have to store
 the password plaintext somewhere in some php file.

 (I asked the list about this earlier and several others had great
 suggestions on how to hide this plain-text password -- Thanks Rob! --
 but, can we make it better?)

 So if some wily hacker were to get the contents of this php file, s/he
 would get a username and password for the database. Now of course, I'm
 only going to give this user permission to read the user database, and
 all the passwords are hashed... but :

 I propose a new permission that I will call MD5read. It's like select,
 only it just returns hashes.


 So, say you do something like:

 SELECT password FROM user;

 49726b60ccbf03d6c619632e1db6
 f8ec2c9d79b5f969a96be968e7152bbd


 SELECT username, password FROM user;

 24424b444b80831b677594a238f81dd9 | 4549625d8275b97b9b4f9662f1c550fa
 1e5143d05b327f7d3cce15f9e3e44ad2 | fe3b4b388a69ceed38d6a0066e6a221b


 SELECT username+password+somethingelse FROM user;

 49726b60ccbf03d6c619632e1db6
 f8ec2c9d79b5f969a96be968e7152bbd



 So that way, if someone gets the username/password for this user, they
 can't get any data off of the database.

 One thing you have to watch is that you don't use the md5 function for a
 user that has only md5read permission, because that would double-hash it,
 and whatever you're checking would fail.

 I know you can do
 SELECT md5(username), md5(password) FROM user
 (or whatever the syntax is), but the user doing that has to have read
 permission already. So if a hacker gets that username and password, they
 are probably not going to hash data they are trying to get out of the
 database.

 I would feel safe storing a user's name and password in a plain text php
 script if they had only this permission.

 Is this useful? Are there any flaws in my reasoning? 

--
---
Valentin Nils
Internet Technology 

 E-Mail: [EMAIL PROTECTED]
 URL: http://www.knowd.co.jp
 Personal URL: http://www.knowd.co.jp/staff/nils


Re: MD5-read permission?

2003-08-14 Thread Nils Valentin
2003 8 14  12:50Nils Valentin :
 Hi Steven,

 while the general idea sounds not too bad, I guess the bad guess would

I meant the bad guys - what a silly typo ;-)

 just use an undecrypt function which they either develop themselves or get from
 somewhere.


 Best regards

 Nils Valentin
 Tokyo/Japan

 2003 8 14  03:07Lefevre, Steven :
  Hey folks -
 
  While contemplating the design of a secure web database, an idea struck
  me. I'm thinking of submitting it as a feature request, so please
  critique it.
 
  I'm having php handle user logon with its .htaccess emulation. I'm
  storing usernames and password hashes in a table. The problem is that php
  needs to open MySQL with *some user* with *some permission*, just to read
  the user table and check the password. So, it seems that I have to store
  the password plaintext somewhere in some php file.
 
  (I asked the list about this earlier and several others had great
  suggestions on how to hide this plain-text password -- Thanks Rob! --
  but, can we make it better?)
 
  So if some wily hacker were to get the contents of this php file, s/he
  would get a username and password for the database. Now of course, I'm
  only going to give this user permission to read the user database, and
  all the passwords are hashed... but :
 
  I propose a new permission that I will call MD5read. It's like select,
  only it just returns hashes.
 
 
  So, say you do something like:
 
  SELECT password FROM user;
 
  49726b60ccbf03d6c619632e1db6
  f8ec2c9d79b5f969a96be968e7152bbd
 
 
  SELECT username, password FROM user;
 
  24424b444b80831b677594a238f81dd9 | 4549625d8275b97b9b4f9662f1c550fa
  1e5143d05b327f7d3cce15f9e3e44ad2 | fe3b4b388a69ceed38d6a0066e6a221b
 
 
  SELECT username+password+somethingelse FROM user;
 
  49726b60ccbf03d6c619632e1db6
  f8ec2c9d79b5f969a96be968e7152bbd
 
 
 
  So that way, if someone gets the username/password for this user, they
  can't get any data off of the database.
 
  One thing you have to watch is that you don't use the md5 function for a
  user that has only md5read permission, because that would double-hash it,
  and whatever you're checking would fail.
 
  I know you can do
  SELECT md5(username), md5(password) FROM user
  (or whatever the syntax is), but the user doing that has to have read
  permission already. So if a hacker gets that username and password, they
  are probably not going to hash data they are trying to get out of the
  database.
 
  I would feel safe storing a user's name and password in a plain text php
  script if they had only this permission.
 
  Is this useful? Are there any flaws in my reasoning?

 --
 ---
 Valentin Nils
 Internet Technology

  E-Mail: [EMAIL PROTECTED]
  URL: http://www.knowd.co.jp
  Personal URL: http://www.knowd.co.jp/staff/nils

-- 
---
Valentin Nils
Internet Technology

 E-Mail: [EMAIL PROTECTED]
 URL: http://www.knowd.co.jp
 Personal URL: http://www.knowd.co.jp/staff/nils





Re: MD5-read permission?

2003-08-14 Thread Nils Valentin
Hi Steven,

while the general idea sounds not too bad, I guess the bad guess would just 
use an undecrypt function which they either develop themselves or get from 
somewhere.



Best regards

Nils Valentin
Tokyo/Japan


2003 8 14  03:07Lefevre, Steven :
 Hey folks -

 While contemplating the design of a secure web database, an idea struck me.
 I'm thinking of submitting it as a feature request, so please critique it.

 I'm having php handle user logon with its .htaccess emulation. I'm storing
 usernames and password hashes in a table. The problem is that php needs to
 open MySQL with *some user* with *some permission*, just to read the user
 table and check the password. So, it seems that I have to store the
 password plaintext somewhere in some php file.

 (I asked the list about this earlier and several others had great
 suggestions on how to hide this plain-text password -- Thanks Rob! -- but,
 can we make it better?)

 So if some wily hacker were to get the contents of this php file, s/he
 would get a username and password for the database. Now of course, I'm only
 going to give this user permission to read the user database, and all the
 passwords are hashed... but :

 I propose a new permission that I will call MD5read. It's like select, only
 it just returns hashes.


 So, say you do something like:

 SELECT password FROM user;

 49726b60ccbf03d6c619632e1db6
 f8ec2c9d79b5f969a96be968e7152bbd


 SELECT username, password FROM user;

 24424b444b80831b677594a238f81dd9 | 4549625d8275b97b9b4f9662f1c550fa
 1e5143d05b327f7d3cce15f9e3e44ad2 | fe3b4b388a69ceed38d6a0066e6a221b


 SELECT username+password+somethingelse FROM user;

 49726b60ccbf03d6c619632e1db6
 f8ec2c9d79b5f969a96be968e7152bbd



 So that way, if someone gets the username/password for this user, they
 can't get any data off of the database.

 One thing you have to watch is that you don't use the md5 function for a
 user that has only md5read permission, because that would double-hash it,
 and whatever you're checking would fail.

 I know you can do
 SELECT md5(username), md5(password) FROM user
 (or whatever the syntax is), but the user doing that has to have read
 permission already. So if a hacker gets that username and password, they
 are probably not going to hash data they are trying to get out of the
 database.

 I would feel safe storing a user's name and password in a plain text php
 script if they had only this permission.

 Is this useful? Are there any flaws in my reasoning?

-- 
---
Valentin Nils
Internet Technology

 E-Mail: [EMAIL PROTECTED]
 URL: http://www.knowd.co.jp
 Personal URL: http://www.knowd.co.jp/staff/nils





MD5

2002-06-20 Thread Kiss Dániel

Hi everyone,

Can anyone tell me how to create an MD5 checksum on a file.
I tried to do this by using the MySQL MD5 function, but it does not work on 
too big files (above 650MB), even if I set max_allow_packet size very big.
Is there any small program to do this, anyway?

Thx
Daniel




-
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/   (the list archive)

To request this thread, e-mail [EMAIL PROTECTED]
To unsubscribe, e-mail [EMAIL PROTECTED]
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php




Re: MD5

2002-06-20 Thread Joshua J . Kugler

If you are running Linux, at the prompt type:

md5sum filename

I'm sure you can get md5sum for other Unices as well.

j- k-

On Thursday 20 June 2002 13:00, Kiss Dániel wrote:
 Hi everyone,

 Can anyone tell me how to create an MD5 checksum on a file.
 I tried to do this by using the MySQL MD5 function, but it does not work on
 too big files (above 650MB), even if I set max_allow_packet size very big.
 Is there any small program to do this, anyway?

 Thx
   Daniel
-- 
Joshua Kugler, Information Services Director
Associated Students of the University of Alaska Fairbanks
[EMAIL PROTECTED], 907-474-7601





RE: MD5

2002-06-20 Thread Ed Carp

 -Original Message-
 From: Joshua J.Kugler [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, June 20, 2002 4:30 PM
 To: Kiss Dániel; [EMAIL PROTECTED]
 Subject: Re: MD5

 If you are running Linux, at the prompt type:

 md5sum filename

 I'm sure you can get md5sum for other Unices as well.

It's either md5 or md5sum on most UNIX-like operating systems.  I don't think the 
MySQL MD5 function is designed for large amounts of data.  Escapade provides its 
own MD5 function because of this, I'm not sure about PHP.
--
Ed Carp, N7EKG  http://www.pobox.com/~erc   214/986-5870
Director, Software Development
Escapade Server-Side Scripting Engine Development Team
Pensacola - Dallas - London - Dresden
http://www.squishedmosquito.com






MD5

2002-04-09 Thread Andrew Hazen

Hi,
Can I use the MD5 function in the where clause, as in:

Select * from table where md5(column)=value


spam filter: mysql

Andrew Hazen






Re: MD5

2002-04-09 Thread Christopher Thompson

On Tuesday 09 April 2002 2:13 pm, Andrew Hazen wrote:
 Hi,
 Can I use the MD5 function in the where clause, as in:

 Select * from table where md5(column)=value
 

I see no reason why not but note that you are likely MUCH better off storing 
column as an MD5 hash, computing the MD5 of value, and then doing your select 
on that.  That way, you won't have to calculate an MD5 value n times, where n 
is the number of rows in your table.

sql filter daemon sucks.





encode/password/encrypt/md5

2002-02-01 Thread Ricardo Striquer Soares

the password function can not be decrypted can it, `cuz i need to show the
users' pass to the sis adm therefore i am considering to use the
encode/decode functions, although i am not secure to use those functions, i
have read in somewhere its not so confident.
does anybody here have some experience with the enc/dec func which can
share?

thanks

this to bypass the the filter esql,query


idéias.ual..

 Idéias Pontual Desenvolvimento de Software Ltda.
 Ricardo Striquer Soares
 CEO e-bussines
 Fone: +55 (41) 322-9373 Cel: +55 (41) 9908-3862
 Fax:   +55 (41) 223-7865
 Mr. Lucro : www.mrlucro.com.br









Efficiently storing md5

2002-01-25 Thread Fred Van Andel

On 25 Jan 2002 07:05:32 +0800, [EMAIL PROTECTED] (Steven Roussey)
wrote:

Does anyone have a best practices for efficiently storing md5 hash
values in MySQL? 

--snip--

Md5 hash-- 16 bytes.
char(32) binary -- 32 bytes.
BIGINT  -- 8 bytes
--snip--

Or you can use base64, which uses 22 bytes per hash.  

What I use is the last 8 bytes of the hash and store it as a bigint.

I use the hash only for collision detection, 64 bits will allow over 4
billion entries before the odds of a single incorrect collision
reaches 50%.  Since my total database is in the 10's of millions I
have very little to worry about.  

Note: This reply was originally posted to mailing.database.mysql instead of
  this list.

FVA









Efficiently storing md5

2002-01-24 Thread Steven Roussey

Does anyone have a best practices for efficiently storing md5 hash
values in MySQL? 

Since it is a 32 character string of hex numbers, I originally stored
them in a char(32) binary column. But that is wasted space (by a factor
of 2). And of course, these things add up, both in data files and
indexes.

Md5 hash-- 16 bytes.
char(32) binary -- 32 bytes.
BIGINT  -- 8 bytes

My thought right now is to convert the md5 hash into two BIGINT numbers
and vice versa.

High BIGINT = conv(left(md5,16),16,10)
Low BIGINT = conv(right(md5,16),16,10)

And reversing:

Md5 = concat(lpad(conv(high,10,16),16,'0'),lpad(conv(low,10,16),16,'0'))

I suppose there is some point (in terms of the number of rows) where
storing more efficiently outweighs the conversion functions, and I
assume that I'm past that point. Is there a better way to convert these?


Just a note: there is no 128-bit integer type and CONV() only works with
up to 64-bit 8-byte numbers anyway.

Sincerely,
Steven Roussey
http://Network54.com/?pp=e 
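
The two storage schemes from this thread (the pair of BIGINTs built with CONV() in the post above, and the single BIGINT taken from the last 8 bytes in the reply), as an added Python example that is not code from either poster. The function names are assumptions made here, and the sample digests are constructed.

```python
import hashlib
import math
import string

MASK64 = (1 << 64) - 1


def _parse(md5_hex):
    """Accept exactly 32 hex characters, as MD5() returns them."""
    if len(md5_hex) != 32 or not all(c in string.hexdigits for c in md5_hex):
        raise ValueError("expected 32 hex characters")
    return int(md5_hex, 16)


def md5_to_bigints(md5_hex):
    """Python equivalent of conv(left(md5,16),16,10) and
    conv(right(md5,16),16,10). Either half can exceed 2**63 - 1, so the
    columns have to be BIGINT UNSIGNED."""
    value = _parse(md5_hex)
    return value >> 64, value & MASK64


def bigints_to_md5(high, low):
    """Equivalent of concat(lpad(conv(high,10,16),16,'0'),
    lpad(conv(low,10,16),16,'0')). The zero padding is what keeps leading
    zeros of each half. CONV() returns uppercase digits; lowercase is used
    here to match MD5() output."""
    return "{:016x}{:016x}".format(high, low)


def md5_to_binary16(md5_hex):
    """The 16 raw bytes, which is what UNHEX(MD5(...)) yields in MySQL."""
    _parse(md5_hex)
    return bytes.fromhex(md5_hex)


def low64_key(md5_hex):
    """Last 8 bytes of the hash as one unsigned 64-bit integer, the
    collision-detection key described in the reply."""
    return _parse(md5_hex) & MASK64


def rows_for_collision_probability(bits, p=0.5):
    """Birthday bound: rows at which the chance of at least one accidental
    collision among random `bits`-bit keys reaches p."""
    return math.sqrt(2 * (2 ** bits) * math.log(1 / (1 - p)))


def collision_probability(rows, bits):
    """Approximate chance of at least one collision among `rows` keys."""
    return -math.expm1(-rows * (rows - 1) / (2 * 2 ** bits))


if __name__ == "__main__":
    digest = hashlib.md5(b"password").hexdigest()  # constructed sample
    high, low = md5_to_bigints(digest)
    print(digest, "->", high, low, "->", bigints_to_md5(high, low))
    # Constructed digest with leading zeros in both halves: without the
    # padding the round trip would come back as "12".
    print(bigints_to_md5(*md5_to_bigints("0000000000000001" "0000000000000002")))
    print("50% point for 64-bit keys: %.2e rows"
          % rows_for_collision_probability(64))
    print("P(collision) at 5e7 rows:  %.1e"
          % collision_probability(50_000_000, 64))
```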








Store MD5 hash values

2001-03-21 Thread roger westin

What's the best way, any really good space saving way to store a MD5 value?

/roger




Re: Store MD5 hash values

2001-03-21 Thread Scott Baker

Make them a char(32).  They will also be 32 chars long, have the DB expect 
that.

At 10:48 AM 3/21/2001 -0600, roger westin wrote:
What's the best way, any really good space saving way to store a MD5 value?

/roger


-
Scott Baker - Webster Internet - Network Technician
503.266.8253 - [EMAIL PROTECTED]

"Even death is not to be feared by one who has lived wisely." - Buddha






