Passwords


duniyadnd
05-15-2003, 09:13 AM
I got a database full of login names and passwords. Is there a particular way I'm supposed to save the password so that it's not retrievable as easily as other data in the other tables?

I checked out base64_encode(), crypt etc.

Curious what all everyone else uses.

Thanks
Duniyadnd

Weirdan
05-15-2003, 09:48 AM
Usually crypt is enough. I use it quite often to store passwords... mostly 'coz I don't want to know users' passwords ;)

duniyadnd
05-15-2003, 09:52 AM
Yeah, that's what I like about base64_encode as well. The problem with crypt is that I can't figure out how to remind the user their old password instead of creating a new one for them.

Weirdan
05-15-2003, 10:08 AM
You can't. crypt is a one-way function... supposed to be so, at least.

mordred
05-15-2003, 12:46 PM
Passwords stored as encrypted hashes is common practice. If the user forgets his password, you have to reset the password to a new hash. Problem is only that the user must identify himself to you before doing that. Details here in this thread:
http://www.codingforums.com/showthread.php?s=&threadid=16076&highlight=decrypt

missing-score
05-15-2003, 01:25 PM
You can decrypt crypt but only if you specify no salt.

$str = crypt("Hello");

if(crypt("Hello", $str) == $str)
{
// match
}

whackaxe
05-15-2003, 03:14 PM
I prefer the md5() function personally

mordred
05-15-2003, 04:10 PM
@missing-score:
Something's wrong with the syntax of your example, and even then, I doubt it's proving your point. Where do you decrypt the encrypted string?

missing-score
05-15-2003, 08:22 PM
I have fixed the error.

I see now what I did, and I should have known that I can't decrypt it :(

but that is my usual method.

bored
05-16-2003, 07:35 AM
$password = md5(uniqid("userpass"));

ALWAYS unique and VERY difficult to guess.

Phantom
05-16-2003, 11:41 AM
I've always thought that md5 was the best encryption method...

Siriuskr
05-16-2003, 11:43 AM
What does the unique do?

bored
05-16-2003, 04:42 PM
MD5 is pretty industry standard, but not standalone. It's still pretty easy to guess because all you have to do is encrypt a word list as you would encrypting a password to check against. It's not enough deterrent for me.

Uniqid is a function that PHP has that generates a unique id based off of the current timestamp. Meaning that the id it produces will ALWAYS be different because time never repeats itself.

You can set parameters inside the uniqid function to make it even more unique. That's why I added the userpass in between all the encryption antics as a seed for production.

Hope that explained enough.

http://www.php.net/manual/en/function.uniqid.php
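
An added example, not part of any post in this thread: it compares the functions named above (base64_encode, unsalted md5, salted one-way hashing) and shows the reset-instead-of-remind flow mordred describes. It assumes PHP 7 or later and uses password_hash()/password_verify(), which the thread does not mention; the sample password, function names and array keys are constructed for illustration.

```php
<?php
// Added example; sample password, function names and array keys are constructed.
$password = 'correct horse battery';           // constructed sample input

// 1. base64_encode() is an encoding: anyone who reads the table reverses it.
$recovered = base64_decode(base64_encode($password));

// 2. Unsalted md5() is one-way, but equal passwords give equal digests,
//    so one hashed word list can be matched against every row at once.
$md5SameForAll = (md5($password) === md5('correct horse battery'));

// 3. password_hash() picks a fresh random salt and a slow algorithm per call.
$hashA = password_hash($password, PASSWORD_DEFAULT);
$hashB = password_hash($password, PASSWORD_DEFAULT);

function check_login(string $attempt, string $storedHash): bool
{
    // Re-hashes the attempt with the salt embedded in $storedHash and
    // compares in constant time; nothing is ever decrypted.
    return password_verify($attempt, $storedHash);
}

// 4. Forgotten password: issue a one-time reset token, not a reminder.
function new_reset_token(): array
{
    $token = bin2hex(random_bytes(32));        // CSPRNG, not derived from the clock
    return [
        'mail_to_user' => $token,                  // sent once, never stored in clear
        'store_in_db'  => hash('sha256', $token),  // a leaked table cannot redeem it
        'expires_at'   => time() + 3600,
    ];
}

function redeem_reset_token(string $presented, array $row): bool
{
    return time() < $row['expires_at']
        && hash_equals($row['store_in_db'], hash('sha256', $presented));
}

$reset = new_reset_token();
var_dump($recovered === $password);                           // base64 round trip
var_dump($md5SameForAll);                                     // same digest for same password
var_dump($hashA !== $hashB);                                  // per-call salts
var_dump(check_login($password, $hashA));                     // correct password
var_dump(check_login('wrong guess', $hashA));                 // incorrect password
var_dump(redeem_reset_token($reset['mail_to_user'], $reset)); // token that was mailed
var_dump(redeem_reset_token(uniqid('userpass'), $reset));     // token that was not issued
```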