Deleted User
Hey guys,
I found a good web host recently, and have been working on a webpage. As an exercise, I'm building a user-based system from the ground up. What should I do for passwords? Obviously it wouldn't be a good idea to store the passwords in plain text in the database... I'm thinking of one-way-encrypting passwords as they come in, and comparing the encrypted versions. Is this a good or feasible idea? If so, what sort of encryption algorithm would be useful?
The host does support PHP and MySQL.
____________________
=================== [Posted by IIMarckus]
Xkeeper
 I've heard fairly decent things about RSA, but there's always salted MD5 as a backup if nothing else.
chungy
SHA-1 is weak too; I'd use at least SHA-256 for storing the hashes.
Lyskar
Posted on 12-07-07 03:47:56 PM (last edited by Metal_Man88 at 12-07-07 12:48 PM)
While we're speaking about this, how would one go about implementing (insert non-md5 encryption scheme here) in PHP?
(Primarily I am asking for the command to call it with, if any.)
Rena
Jul - Post #1749 - 12-07-07 11:46:28am
For SHA1: sha1($text);
For others: hash('sha256', $text); etc.
chungy
Trick question on the grounds that MD5 is not encryption.
In seriousness, there are two possible things you'd probably want to use. First is the hash function, as stated above; second is the mcrypt functions, which give you various encryption routines (requires the mcrypt module). Of course they have varying degrees of strength; generally you might want to aim for RIJNDAEL_256 or BLOWFISH, as they both provide pretty much rock-solid security (even the CIA, etc. approve of their use for confidential documents, that should tell you enough).
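
An added example, not part of the original thread: the salted hash() approach suggested in the replies above, next to PHP's built-in password_hash() and password_verify(). It assumes PHP 7 or later; the function names and the sample password are hypothetical.

```php
<?php
// Added example: hypothetical function names, constructed sample data.

// Approach discussed in the thread: per-user random salt + SHA-256.
// A single round of a fast hash is cheap to brute-force offline, so it is
// shown here only for comparison with password_hash() below.
function thread_style_hash(string $password): array
{
    $salt = bin2hex(random_bytes(16));   // unique random salt per user
    return ['salt' => $salt, 'hash' => hash('sha256', $salt . $password)];
}

function thread_style_verify(string $password, array $record): bool
{
    $candidate = hash('sha256', $record['salt'] . $password);
    // hash_equals() compares in constant time, avoiding a timing side channel.
    return hash_equals($record['hash'], $candidate);
}

// PHP's built-in password API: generates the salt itself, uses a deliberately
// slow algorithm, and packs algorithm, cost and salt into one stored string.
function register_user(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

function check_login(string $password, string $stored): bool
{
    return password_verify($password, $stored);
}

// Constructed sample values standing in for one row of a users table.
$record = thread_style_hash('correct horse battery staple');
var_dump(thread_style_verify('correct horse battery staple', $record));
var_dump(thread_style_verify('wrong guess', $record));

$stored = register_user('correct horse battery staple'); // fits a VARCHAR(255) column
var_dump(check_login('correct horse battery staple', $stored));
var_dump(check_login('wrong guess', $stored));

// After a successful login, re-hash if the default algorithm or cost has changed.
if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
    $stored = register_user('correct horse battery staple');
}
```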