  1. #1
    SitePoint Guru CompiledMonkey's Avatar
    Join Date
    Sep 2002
    Location
    Richmond, VA
    Posts
    975

    Encrypting passwords

    I want to be able to encrypt and decrypt passwords in my database. For some reason, I feel like the Password function is a one way deal. Can anyone confirm or deny this for me? Is there something better I should be using?

  2. #2
    minister of propaganda silver trophy Rynoguill's Avatar
    Join Date
    Feb 2004
    Location
    Midsouth
    Posts
    1,373
    Quote Originally Posted by CompiledMonkey
    I want to be able to encrypt and decrypt passwords in my database. For some reason, I feel like the Password function is a one way deal. Can anyone confirm or deny this for me? Is there something better I should be using?
    What programming language are you using? Most of your languages have functions that handle this stuff pretty well...
    rynoguill
    Ryan Guill, AKA Mark Roman

  3. #3

    Join Date
    Oct 2003
    Location
    €uroLand
    Posts
    1,340
    Quote Originally Posted by http://www.mysql.com/doc/en/Encryption_functions.html
    Note: The PASSWORD() function is used by the authentication system in MySQL Server, you should NOT use it in your own applications. For that purpose, use MD5() or SHA1() instead.
    If you also wish to actually decrypt the password again you need to use one of the *ENCRYPT/*DECRYPT functions or ENCODE/DECODE instead.

  4. #4
    SitePoint Guru CompiledMonkey's Avatar
    Join Date
    Sep 2002
    Location
    Richmond, VA
    Posts
    975
    C#. I was thinking about doing that, but I think handling it at the SQL level would be better and probably faster. I really don't need to know the password hash in my program, so it would just be easier to return the password. Actually, maybe I don't need to decrypt the passwords. I guess I could just compare the stored hash in the database with one generated by the password they fill in the login form. Would that work ok?

  5. #5

    Join Date
    Oct 2003
    Location
    €uroLand
    Posts
    1,340
    Quote Originally Posted by CompiledMonkey
    Actually, maybe I don't need to decrypt the passwords. I guess I could just compare the stored hash in the database with one generated by the password they fill in the login form. Would that work ok?
    Sure.

  6. #6
    SitePoint Guru CompiledMonkey's Avatar
    Join Date
    Sep 2002
    Location
    Richmond, VA
    Posts
    975
    drzoid, thanks for the info! Do you think I'd be ok just comparing hashes instead of decrypting the password? Also, which is better for somewhat (50 char) short text, MD5 or SHA1?

  7. #7

    Join Date
    Oct 2003
    Location
    €uroLand
    Posts
    1,340
    Quote Originally Posted by CompiledMonkey
    Also, which is better for somewhat (50 char) short text, MD5 or SHA1?
    I don't think there is much of an actual difference.

  8. #8
    SitePoint Guru CompiledMonkey's Avatar
    Join Date
    Sep 2002
    Location
    Richmond, VA
    Posts
    975
    Ok cool, thanks for your help! I'll give this a whirl later today.

  9. #9
    minister of propaganda silver trophy Rynoguill's Avatar
    Join Date
    Feb 2004
    Location
    Midsouth
    Posts
    1,373
    Quote Originally Posted by CompiledMonkey
    Do you think I'd be ok just comparing hashes instead of decrypting the password?
    I'm not absolutely positive I'm understanding your question correctly, but yeah, if you are comparing the hashes, that should be just as good if not better than decrypting the password.
    rynoguill
    Ryan Guill, AKA Mark Roman

