Advice wanted for storing passwords in a database

  • Fred Emmott

    Advice wanted for storing passwords in a database

    Hi - just wondering how I should store passwords in a database - I was
    thinking MD5 hashes would be a good idea - but I've heard it's better to
    "salt" them - how would I do this?

    I've tried Google, but most of the results seem to be written by people with
    no idea of security implementations, thinking that "encryption" = "magic
    security dust".

    Thanks,

    Fred Emmott
  • Tony Marston

    #2
    Re: Advice wanted for storing passwords in a database

    MD5 does not allow a separate 'salt' or 'key' to be input, just the string
    to be hashed. To get around this you can attach another string of text
    either to the front or the end of the password before you encrypt it.

    If you want to be able to decrypt your passwords then take a look at
    http://www.tonymarston.co.uk/php-mysql/encryption.html. This describes a
    reversible encryption routine which uses a 'key', without which you cannot
    decrypt. It is customisable in that you can alter the encryption algorithm
    and specify your own key.

    HTH.

    --
    Tony Marston
    "Fred Emmott" <pcfreak65@hotm ail.com> wrote in message
    news:paapm1-fe2.ln1@fred.la n...
    > Hi - just wondering how I should store passwords in a database - I was
    > thinking MD5 hashes would be a good idea - but I've heard it's better to
    > "salt" them - how would I do this?
    >
    > I've tried Google, but most of the results seem to be written by people with
    > no idea of security implementations, thinking that "encryption" = "magic
    > security dust".
    >
    > Thanks,
    >
    > Fred Emmott

    • Fred Emmott

      #3
      Re: Advice wanted for storing passwords in a database

      Tony Marston wrote:

      > MD5 does not allow a separate 'salt' or 'key' to be input, just the string
      > to be hashed. To get around this you can attach another string of text
      > either to the front or the end of the password before you encrypt it.
      >
      > If you want to be able to decrypt your passwords then take a look at
      > http://www.tonymarston.co.uk/php-mysql/encryption.html. This describes a
      > reversible encryption routine which uses a 'key', without which you cannot
      > decrypt. It is customisable in that you can alter the encryption algorithm
      > and specify your own key.
      >
      > HTH.

      Nah I want a hash - thanks tho

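The salting approach from reply #2 (a string attached to the front of the password before hashing), written out as an added example in Python; this is not code from anyone in the thread. It goes beyond the thread by storing a fresh random salt per user and by offering PBKDF2 next to MD5, because MD5 is fast enough that a salt alone does not make guessing expensive. The record layout, function names and round count are assumptions.

```python
import hashlib
import hmac
import os

# Assumed parameters for this example; they do not come from the thread.
SALT_BYTES = 16
PBKDF2_ROUNDS = 200_000  # work factor, tune for your hardware


def salted_md5(password: str, salt: bytes) -> str:
    """Salt attached to the front of the password, then MD5 (reply #2's method)."""
    return hashlib.md5(salt + password.encode("utf-8")).hexdigest()


def slow_hash(password: str, salt: bytes) -> str:
    """Same salt, fed to PBKDF2-HMAC-SHA256 so every guess costs many rounds."""
    raw = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return raw.hex()


SCHEMES = {"md5": salted_md5, "pbkdf2": slow_hash}


def make_record(password: str, scheme: str = "pbkdf2") -> str:
    """Build the value for the password column: scheme$salt_hex$digest_hex."""
    salt = os.urandom(SALT_BYTES)  # new random salt per user, stored in the clear
    return f"{scheme}${salt.hex()}${SCHEMES[scheme](password, salt)}"


def check_password(password: str, record: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    try:
        scheme, salt_hex, stored = record.split("$")
        candidate = SCHEMES[scheme](password, bytes.fromhex(salt_hex))
    except (ValueError, KeyError):
        return False  # malformed record or unknown scheme
    return hmac.compare_digest(candidate.encode(), stored.encode())


if __name__ == "__main__":
    # Constructed sample: two users who chose the same password.
    alice = make_record("hunter2", "md5")
    bob = make_record("hunter2", "md5")
    print(alice != bob)                       # the per-user salt hides the reuse
    print(check_password("hunter2", alice))   # correct password verifies
    print(check_password("hunter3", alice))   # wrong password is rejected
```

Storing the scheme name in the record lets existing MD5 rows keep verifying while new or changed passwords are written with the slower scheme.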