MySQL Lists are EOL. Please join:

List:General Discussion« Previous MessageNext Message »
From:Daniel Kiss Date:August 29 2002 4:19am
Subject:Re: mysql password ( )
View as plain text  
Hi,

The password() function is a "one way encoder". In other words it just 
generates some kind of checksum of the input parameter.
So you cannot decrypt them, but it is much safer than encrypting and 
decrypting strings, because even the attacker cannot decrypt them. :-)

You can use it this way for example:

Let's say my password is: abcdef

Password('abcdef') -> 0bc7a0b7062090d5 (You must store this checksum in the 
database.)

When you want to check if the password entered by the user is correct, you 
need to do this:

The password entered by the user: abcdeg

You call the password function:

Password('abcdeg') -> 0bc7a2b806208ed6

Compare the stored checksum and this one: NOT EQUAL -> entered password is bad


Notice that if there is only a small difference between the right and the 
entered words the checksum will be different in many aspects. That's why it 
is quite safe.

But you can get better protecting if you use the MD5 function. It works the 
same way than the password function, but generates 32 character long 
checksum instead of 16.



At 10:47 2002.08.28._ -0600, you wrote:
>I have used the mysql password(\"$pass \") function in the past to encrypt
>passwords into the db. but can not decrypt  them if needed. I know this is
>not something new.
>
>Is there a better way to protect passwords in the db and then decrypt them
>if needed ?
>
>Thanks
>
>Mark
>
>
>---------------------------------------------------------------------
>Before posting, please check:
>    http://www.mysql.com/manual.php   (the manual)
>    http://lists.mysql.com/           (the list archive)
>
>To request this thread, e-mail <mysql-thread118248@stripped>
>To unsubscribe, e-mail <mysql-unsubscribe-niel=mailbox.hu@stripped>
>Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php

Thread
MS Access and mySQLJonathan Coleman28 Aug
  • RE: MS Access and mySQLBryant Hester28 Aug
    • RE: MS Access and mySQLNicholas Stuart28 Aug
      • RE: MS Access and mySQLRoger Davis28 Aug
        • RE: MS Access and mySQLNicholas Stuart28 Aug
        • Re: MS Access and mySQLGelu Gogancea28 Aug
  • mysql password ( )Mark Stringham28 Aug
    • Re: mysql password ( )Leonardo Javier BelĂ©n28 Aug
    • Re: mysql password ( )Daniel Kiss29 Aug
  • Re: mysql password ( )Randy Johnson29 Aug
Re: MS Access and mySQLNicholas Stuart28 Aug
  • RE: MS Access and mySQLMary Stickney28 Aug
    • Re: MS Access and mySQLMark Matthews28 Aug
      • RE: MS Access and mySQLMary Stickney28 Aug
        • Re: RE: MS Access and mySQLEgor Egorov29 Aug
Re: MS Access and mySQLArthur Fuller28 Aug
  • Re: MS Access and mySQLNicholas Stuart29 Aug
Re: mysql password ( )Daniel Kiss29 Aug