Mysql has the built-in password() function for encrypting passwords. Is there any reason I should use PHP’s md5() function instead?
They both do different things.
Thanks much. Question:
“consider MD5() or SHA2() instead”
Is the quote referring to mysql functions or php?
No problem.
I would guess either, it’s really up to you as long as you’re consistent.
Thanks again. I found the following information: “In MySQL you can generate hashes internally using the password(), md5(), or sha1 functions. password() is the function used for MySQL’s own user authentication system. It returns a 16-byte string for MySQL versions prior to 4.1, and a 41-byte string (based on a double SHA-1 hash) for versions 4.1 and up. md5() is available from MySQL version 3.23.2 and sha1() was added later in 4.0.2. Note: Using MySQL’s password() function in your own applications isn’t recommended - the algorithm used has changed over time and prior to 4.1 was particularly weak.”
I got this from This great article on PHP password hashing