List:General Discussion« Previous MessageNext Message »
From:Michael Collins Date:August 11 2002 5:27pm
Subject:Re: Need reversible encryption as string
View as plain text  
At 12:07 PM -0500 8/11/02, Paul DuBois wrote:
>If you write the query like that, yes, it will use a complete scan.
>But you could also use
>
>... AND LoginPassword = ENCODE($PasswordEntered,'MySalt')
>
>which doesn't perform a calculation on the LoginPassword column and thus
>can use an index.  This is similar to your query below, but I think you
>want ENCODE(), not DECODE(), since you're storing encrypted strings.


Thank you Paul for the clarification.


At 5:30 PM +0100 8/11/02, Mike Hall wrote:
>An easier (and more secure) way, surely, is to use one-way encryption... and
>if a user forgets his/her password, replace it with a random alphanumeric
>string and mail that to them instead with instructions to change it to one
>of their own choosing as soon as possible.


I will consider this option since I have just learned that Encode 
cannot be used  since it stores the value as binary. Another 
application that uses the database apparently cannot work with this 
binary value.

In addition, I would rather not use MySQL 4 until it is beta (at 
least) and so will have to wait to use AES_ENCRYPT() and 
AES_DECRYPT(), but would this be my solution if I was using MySQL 4?

In conclusion, there is no reversible encryption available in MySQL 
3.+ that can be stored as a text string(?)

-- 
Michael
__
||| Michael Collins       |||
||| Kuwago Inc            |||      mailto:mcollins@stripped
||| Seattle, WA, USA      |||      http://www.lassodev.com
Thread
Need reversible encryption as stringMichael Collins11 Aug
  • Re: Need reversible encryption as stringMike Hall11 Aug
    • Re: Need reversible encryption as stringMichael Collins11 Aug
    • Re: [OT] assigning new passwords (was: Need reversible encryption as string)Benjamin Pflugmann11 Aug
  • Re: Need reversible encryption as stringPaul DuBois11 Aug
    • Re: Need reversible encryption as stringBenjamin Pflugmann11 Aug
      • Re: Need reversible encryption as stringPaul DuBois11 Aug
  • Re: [OT] assigning new passwords (was: Need reversible encryption as string)Mike Hall11 Aug
    • Re: [OT] assigning new passwords (was: Need reversible encryptionas string)Joe Shear12 Aug
Re: Need reversible encryption as stringMichael Collins11 Aug