MySQL Lists are EOL. Please join:

List:General Discussion« Previous MessageNext Message »
From:Randy Johnson Date:August 29 2002 4:32am
Subject:Re: mysql password ( )
View as plain text  
so md5 would be the securest way to handle password security for a website?


Randy
----- Original Message -----
From: "Daniel Kiss" <niel@stripped>
To: <mysql@stripped>
Sent: Thursday, August 29, 2002 12:19 AM
Subject: Re: mysql password ( )


> Hi,
>
> The password() function is a "one way encoder". In other words it just
> generates some kind of checksum of the input parameter.
> So you cannot decrypt them, but it is much safer than encrypting and
> decrypting strings, because even the attacker cannot decrypt them. :-)
>
> You can use it this way for example:
>
> Let's say my password is: abcdef
>
> Password('abcdef') -> 0bc7a0b7062090d5 (You must store this checksum in
the
> database.)
>
> When you want to check if the password entered by the user is correct, you
> need to do this:
>
> The password entered by the user: abcdeg
>
> You call the password function:
>
> Password('abcdeg') -> 0bc7a2b806208ed6
>
> Compare the stored checksum and this one: NOT EQUAL -> entered password is
bad
>
>
> Notice that if there is only a small difference between the right and the
> entered words the checksum will be different in many aspects. That's why
it
> is quite safe.
>
> But you can get better protecting if you use the MD5 function. It works
the
> same way than the password function, but generates 32 character long
> checksum instead of 16.
>
>
>
> At 10:47 2002.08.28._ -0600, you wrote:
> >I have used the mysql password(\"$pass \") function in the past to
encrypt
> >passwords into the db. but can not decrypt  them if needed. I know this
is
> >not something new.
> >
> >Is there a better way to protect passwords in the db and then decrypt
them
> >if needed ?
> >
> >Thanks
> >
> >Mark
> >
> >
> >---------------------------------------------------------------------
> >Before posting, please check:
> >    http://www.mysql.com/manual.php   (the manual)
> >    http://lists.mysql.com/           (the list archive)
> >
> >To request this thread, e-mail <mysql-thread118248@stripped>
> >To unsubscribe, e-mail
<mysql-unsubscribe-niel=mailbox.hu@stripped>
> >Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
>
>
> ---------------------------------------------------------------------
> Before posting, please check:
>    http://www.mysql.com/manual.php   (the manual)
>    http://lists.mysql.com/           (the list archive)
>
> To request this thread, e-mail <mysql-thread118315@stripped>
> To unsubscribe, e-mail
<mysql-unsubscribe-icgphp=icecoldgold.com@stripped>
> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
>


Thread
MS Access and mySQLJonathan Coleman28 Aug
  • RE: MS Access and mySQLBryant Hester28 Aug
    • RE: MS Access and mySQLNicholas Stuart28 Aug
      • RE: MS Access and mySQLRoger Davis28 Aug
        • RE: MS Access and mySQLNicholas Stuart28 Aug
        • Re: MS Access and mySQLGelu Gogancea28 Aug
  • mysql password ( )Mark Stringham28 Aug
    • Re: mysql password ( )Leonardo Javier BelĂ©n28 Aug
    • Re: mysql password ( )Daniel Kiss29 Aug
  • Re: mysql password ( )Randy Johnson29 Aug
Re: MS Access and mySQLNicholas Stuart28 Aug
  • RE: MS Access and mySQLMary Stickney28 Aug
    • Re: MS Access and mySQLMark Matthews28 Aug
      • RE: MS Access and mySQLMary Stickney28 Aug
        • Re: RE: MS Access and mySQLEgor Egorov29 Aug
Re: MS Access and mySQLArthur Fuller28 Aug
  • Re: MS Access and mySQLNicholas Stuart29 Aug
Re: mysql password ( )Daniel Kiss29 Aug