Encrypting the passwords in a database

Asked By 120 points N/A Posted on -
qa-featured

Hi all,

I have created a database using MySQL and in password fields all the passwords are visible. When the database is dumped all the passwords including the administration passwords can be viewed in the file. How can hide the passwords using PHP?

SHARE
Best Answer by asiri
Answered By 0 points N/A #88482

Encrypting the passwords in a database

qa-featured

There is simple procedure doing it by encrypting the passwords using MD5 and put it into the database. It will restrict viewing the passwords by third  party and it is not possible breaking the code and retrieving the password. Try applying the method using the build in function md5().

Answered By 0 points N/A #88483

Encrypting the passwords in a database

qa-featured

Best practice of storing passwords only after encrypting them. It will increase the security of the system. In PHP passwords can be encrypted easily using the function md5. for example:

md5($_POST['password'])

For further details on md5 refer to http://php.net/manual/en/function.md5.php

Answered By 120 points N/A #88484

Encrypting the passwords in a database

qa-featured

Thank you. I tried the function and It changes the passwords to some digits. By the way What is md5? Is it possible to regenerate the password?

Answered By 0 points N/A #88485

Encrypting the passwords in a database

qa-featured

MD5 means Message-Digest 5 is not actually a encryption technology, It is a cryptographic hash function which is performing mathematical functions on data. In encryption data or a file changed using an algorithm with a usage of a key and it is possible converting the data into the normal form by reversing the algorithm using the same key.

But in MD5 the mathematical functions performed in the data and created a hash value and it is not reversible. MD5 is used widely for applying security for the data.

There are some "decryption" going on MD5. But it is not actually decryption. They keep a database of the data and resulting hash. Once you are given the hash they search the database and if match found or by assuming a match they give the result. But those values are not accurate.

Answered By 0 points N/A #88487

Encrypting the passwords in a database

qa-featured

MD5 or Message-Digest 5 is a reliable and widely used cryptographic function. It creates an unique value by performing functions on the data. MD5 is an one way ticket once it is encrypted it is not possible decrypting it.

Answered By 120 points N/A #88489

Encrypting the passwords in a database

qa-featured

If it is not possible decrypting the data how could I verify the passwords?

Best Answer
Best Answer
Answered By 0 points N/A #88491

Encrypting the passwords in a database

qa-featured

Brian,

It is quite simple. You must aware that Md5 generates a unique hash for a given string. This means:

$password = "as1561v1"

md5("as1561v1") == md5("as1561v1") == md5($password)

Therefore you can verify the password by generating the md5 hash on the entered password by the user. Just refer to the following SQL statement.

SELECT * FROM msgms_users WHERE username='.$username.' AND password='". md5($password) ."'"

I think you will understood how it has been done. If you have any problem don't hesitate and I will provide you with the full code if necessary.

Answered By 120 points N/A #88492

Encrypting the passwords in a database

qa-featured

Thank you very much for helping me out.

Login/Register to Answer

Related Questions