
Advice wanted for storing passwords in a database

Hi - just wondering how I should store passwords in a database - I was
thinking MD5 hashes would be a good idea - but I've heard it's better to
"salt" them - how would I do this?

I've tried Google, but most of the results seem to be written by people with
no idea of security implementations, thinking that "encryption" = "magic
security dust".

Thanks,

Fred Emmott
Jul 17 '05 #1
MD5 does not allow a separate 'salt' or 'key' to be input, just the string
to be hashed. To get around this you can attach another string of text
either to the front or the end of the password before you encrypt it.

If you want to be able to decrypt your passwords then take a look at
http://www.tonymarston.co.uk/php-mysql/encryption.html. This describes a
reversible encryption routine which uses a 'key', without which you cannot
decrypt. It is customisable in that you can alter the encryption algorithm
and specify your own key.

HTH.

--
Tony Marston
http://www.tonymarston.net

"Fred Emmott" <pc*******@hotmail.com> wrote in message
news:pa************@fred.lan...
> Hi - just wondering how I should store passwords in a database - I was
> thinking MD5 hashes would be a good idea - but I've heard it's better to
> "salt" them - how would I do this?
>
> I've tried Google, but most of the results seem to be written by people with
> no idea of security implementations, thinking that "encryption" = "magic
> security dust".
>
> Thanks,
>
> Fred Emmott

Jul 17 '05 #2
Tony Marston wrote:
> MD5 does not allow a separate 'salt' or 'key' to be input, just the string
> to be hashed. To get around this you can attach another string of text
> either to the front or the end of the password before you encrypt it.
>
> If you want to be able to decrypt your passwords then take a look at
> http://www.tonymarston.co.uk/php-mysql/encryption.html. This describes a
> reversible encryption routine which uses a 'key', without which you cannot
> decrypt. It is customisable in that you can alter the encryption algorithm
> and specify your own key.
>
> HTH.

Nah, I want a hash - thanks tho
Jul 17 '05 #3
