problem with hash function

  • itsmenarwal
    New Member
    • Jan 2010
    • 20

    problem with hash function

    Hi

    I want that nobody can see my password, even in the database.

    So I used a hash function like this:

    Code:
    $passowrd_hash=hash('shal',$_POST['password']);
    Now I can easily store this password_hash value in the database. It will be in something like encrypted form.

    Now the user knows his original password; he doesn't know this encrypted password.

    Now if he tries to log in with this original password, he is not able to log in.

    So is there any method so that it can be decrypted and the user can log in? So he can achieve both security of the password as well as logging in again.


    How to do this?
    Last edited by Atli; Jan 25 '10, 02:45 PM. Reason: Added [code] tags.
  • zorgi
    Recognized Expert Contributor
    • Mar 2008
    • 431

    #2
    So is there any method so that it can be decrypted and the user can log in? So he can achieve both security of the password as well as logging in again.
    I am not sure if I understood this, but... You should not decrypt the password once it is stored in the database. Instead you should encrypt whatever the user provides as his password (when trying to log in) and then compare it with the encrypted password in your database. That way no one except the user (including you, if you used sha1) knows his/her password.

    • Atli
      Recognized Expert Expert
      • Nov 2006
      • 5062

      #3
      Hey.

      You don't need to decrypt the hash to log the user in. You simply fetch the hash from the database, hash the password he is trying to log in with, and compare the two. If they match, log him in.

      Also, there is a typo in the name of your hashing algorithm. It is supposed to be SHA1 (SHA-one), not SHAL ;-)
      The case shouldn't matter. (That is: SHA1 == sha1)

      • RedSon
        Recognized Expert Expert
        • Jan 2007
        • 4980

        #4
        Just for future reference, creating a hash is a "one-way" function. There is no "undo" for that. You cannot recover the original input from a hash (theoretically) .
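
The hash-and-compare login that replies #2 and #3 describe, as an added example that is not part of the thread; the function names and the in-memory arrays standing in for the database table are assumptions. It also shows the same flow with PHP's built-in `password_hash()`/`password_verify()`, which add a random salt to every stored hash.

```php
<?php
// Added example: function names and the arrays used as a "database" are hypothetical.

// Fail early on a misspelled algorithm name such as 'shal'.
function checked_hash(string $algo, string $data): string {
    if (!in_array(strtolower($algo), hash_algos(), true)) {
        throw new InvalidArgumentException("Unknown hash algorithm: $algo");
    }
    return hash($algo, $data);
}

// Registration: store only the hash, never the password itself.
function register_sha1(array &$db, string $user, string $password): void {
    $db[$user] = checked_hash('sha1', $password);
}

// Login: hash what the user typed and compare it with the stored hash.
function login_sha1(array $db, string $user, string $password): bool {
    if (!isset($db[$user])) {
        return false;
    }
    // hash_equals() compares the two strings in constant time.
    return hash_equals($db[$user], checked_hash('sha1', $password));
}

// The same flow with PHP's built-in password API (salted, slow hash).
function register_builtin(array &$db, string $user, string $password): void {
    $db[$user] = password_hash($password, PASSWORD_DEFAULT);
}

function login_builtin(array $db, string $user, string $password): bool {
    return isset($db[$user]) && password_verify($password, $db[$user]);
}

// Constructed sample data: two users who picked the same password.
$sha1Db = [];
$builtinDb = [];
foreach (['alice', 'bob'] as $user) {
    register_sha1($sha1Db, $user, 'correct horse');
    register_builtin($builtinDb, $user, 'correct horse');
}

var_dump(login_sha1($sha1Db, 'alice', 'correct horse'));      // login with the right password
var_dump(login_sha1($sha1Db, 'alice', 'wrong guess'));        // login with a wrong password
var_dump(login_builtin($builtinDb, 'bob', 'correct horse'));  // login via password_verify()
var_dump($sha1Db['alice'] === $sha1Db['bob']);       // compare the two stored sha1 rows
var_dump($builtinDb['alice'] === $builtinDb['bob']); // compare the two stored password_hash rows
```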
