MD5 does not allow a separate 'salt' or 'key' to be input, just the string
to be hashed. To get around this you can attach another string of text
either to the front or the end of the password before you encrypt it.

If you want to be able to decrypt your passwords then take a look at
http://www.tonymarston.co.uk/php-mysql/encryption.html. This describes a
reversible encryption routine which uses a 'key', without which you cannot
decrypt. It is customisable in that you can alter the encryption algorithm
and specify your own key.

HTH.
--
Tony Marston
http://www.tonymarston.net
"Fred Emmott" <pc*******@hotmail.com> wrote in message
news:pa************@fred.lan...
Hi - just wondering how I should store passwords in a database - I was
thinking MD5 hashes would be a good idea - but I've heard it's better to
"salt" them - how would I do this?

I've tried Google, but most of the results seem to be written by people
with no idea of security implementations, thinking that "encryption" = "magic
security dust".

Thanks,
Fred Emmott
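
The salting approach discussed in this thread, as an added Python example that is not part of either post: a random per-user salt is attached to the front of the password before hashing and stored next to the digest so the check can be repeated at login. The function names, the `scheme$salt$digest` record layout and the round count are assumptions; the `pbkdf2` scheme is a swapped-in slow key-derivation function that uses the same salt and layout, since MD5 on its own is fast to guess against.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 600_000  # assumed work factor for the swapped-in scheme


def digest(scheme, salt, password):
    """Hash the password with the salt under the named scheme."""
    pw = password.encode("utf-8")
    if scheme == "md5":
        # The thread's approach: salt attached to the front, then MD5.
        return hashlib.md5(salt + pw).hexdigest()
    if scheme == "pbkdf2":
        # Swapped-in alternative: salted, deliberately slow derivation.
        return hashlib.pbkdf2_hmac("sha256", pw, salt, PBKDF2_ROUNDS).hex()
    raise ValueError(f"unknown scheme: {scheme}")


def make_record(password, scheme="md5", salt=None):
    """Return the string to store in the password column."""
    # A fresh random salt per user means equal passwords get
    # different digests, so one precomputed table cannot cover them all.
    if salt is None:
        salt = secrets.token_bytes(16)
    return f"{scheme}${salt.hex()}${digest(scheme, salt, password)}"


def check_password(password, record):
    """Recompute the digest from the stored salt and compare."""
    try:
        scheme, salt_hex, stored = record.split("$")
        candidate = digest(scheme, bytes.fromhex(salt_hex), password)
    except ValueError:
        return False  # malformed record or unknown scheme
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(candidate.encode(), stored.encode())


if __name__ == "__main__":
    # Constructed sample password, not taken from the thread.
    first = make_record("correct horse")
    second = make_record("correct horse")
    print(first)
    print(second)  # same password, different salt and digest
    print(check_password("correct horse", first))
    print(check_password("wrong guess", first))
```

The salt is not a secret and is stored in the clear; its job is to make every stored digest unique, not to act as a key.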