MYSQL's password() function or md5()?

Mysql has the built-in password() function for encrypting passwords. Is there any reason I should use PHP’s md5() function instead?

They both do different things.

Thanks much. Question:

“consider MD5() or SHA2() instead”

Is the quote referring to mysql functions or php?

No problem.

I would guess either, it’s really up to you as long as you’re consistent.


Thanks again. I found the following information: “In MySQL you can generate hashes internally using the password(), md5(), or sha1 functions. password() is the function used for MySQL’s own user authentication system. It returns a 16-byte string for MySQL versions prior to 4.1, and a 41-byte string (based on a double SHA-1 hash) for versions 4.1 and up. md5() is available from MySQL version 3.23.2 and sha1() was added later in 4.0.2. Note: Using MySQL’s password() function in your own applications isn’t recommended - the algorithm used has changed over time and prior to 4.1 was particularly weak.”

I got this from This great article on PHP password hashing