I want to be able to encrypt and decrypt passwords in my database. For some reason, I feel like the Password function is a one way deal. Can anyone confirm or deny this for me? Is there something better I should be using?
| SitePoint Sponsor |
I want to be able to encrypt and decrypt passwords in my database. For some reason, I feel like the Password function is a one way deal. Can anyone confirm or deny this for me? Is there something better I should be using?
what programming language are you using? most of your languages have functions that handle this stuff pretty well...Originally Posted by CompiledMonkey
rynoguill
Ryan Guill, AKA Mark Roman
If you also wish to actually decrypt the password again you need to use one of the *ENCRYPT/*DECRYPT functions or ENCODE/DECODE instead.
C#. I was thinking about doing that, but I think handling it at the SQL level would be better and probably faster. I really don't need to know the password hash in my program, so it would just be easier to return the password. Actually, maybe I don't need to decrypt the passwords. I guess I could just compare the stored hash in the database with one generated by the password they fill in the login form. Would that work ok?
Sure.
drzoid, thanks for the info! Do you think I'd be ok just comparing hashes instead of decrypting the password? Also, which is better for somewhat (50 char) short text, MD5 or SHA1?
I dont think there is much of an actual difference.
Ok cool, thanks for your help! I'll give this a whirl later today.
im not absolutely positive im understanding your question correctly, but yeah, if you are comparing the hashes that should be just as good if not better than decrypting the password
rynoguill
Ryan Guill, AKA Mark Roman
Posting Permissions
Bookmarks