473,320 Members | 1,845 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

problem with hash function

Hi

I want that nobody can see my password even in database..

So i used hash function like this

Expand|Select|Wrap|Line Numbers
  1. $passowrd_hash=hash('shal',$_POST['password']);
NOw easily i can store this password_hash value into database...It will be something like in encrypted form...

Now user know its origional password he dont know this encrypted password..

Now if he try to login through this origional password..He is not able to login.

So is there any method so that it can be decrypted and usercan make log in ...So he can acheiev both security of passowrd as well as login again...


How to do this
Jan 25 '10 #1

✓ answered by Atli

Hey.

You don't need to decrypt the hash to log the user in. You simply fetch the hash from the database, hash the password he is trying to log in with, and compare the two. If they match, log him in.

Also, there is a typo in the name of your hashing algorithm. It is supposed to be SHA1 (SHA-one), not SHAL ;-)
The case shouldn't matter. (That is: SHA1 == sha1)

3 3782
zorgi
431 Expert 256MB
So is there any method so that it can be decrypted and usercan make log in ...So he can acheiev both security of passowrd as well as login again...
I am not sure if I understood this but ... You should not decrypt password once stored in the database. Instead you should encrypt whatever user provides as his password (when trying to log in) and than compare it with encrypted password in your database. That way no one except user (including you if you used sha1) knows his/hers password.
Jan 25 '10 #2
Atli
5,058 Expert 4TB
Hey.

You don't need to decrypt the hash to log the user in. You simply fetch the hash from the database, hash the password he is trying to log in with, and compare the two. If they match, log him in.

Also, there is a typo in the name of your hashing algorithm. It is supposed to be SHA1 (SHA-one), not SHAL ;-)
The case shouldn't matter. (That is: SHA1 == sha1)
Jan 25 '10 #3
RedSon
5,000 Expert 4TB
Just for future reference, creating a hash is a "one-way" function. There is no "undo" for that. You cannot recover the original input from a hash (theoretically).
Jan 25 '10 #4

Sign in to post your reply or Sign up for a free account.

Similar topics

5
by: Juho Saarikko | last post by:
I made a Python script which takes Usenet message bodies from a database, decodes uuencoded contents and inserts them as Large Object into a PostGreSQL database. However, it appears that the to...
1
by: Timo Qvist | last post by:
Hi, I'm a bit new to STL and really new to SGI's hash_set implementation and I've having problem instantiating a hash_set with a custom hash function, I could really use some help sifting through...
3
by: Markus Dehmann | last post by:
I have a class "Data" and I store Data pointers in an STL set. But I have millions of inserts and many more lookups, and my profiler found that they cost a lot of runtime. Therefore, I want to...
2
by: Bryan Olson | last post by:
The current Python standard library provides two cryptographic hash functions: MD5 and SHA-1 . The authors of MD5 originally stated: It is conjectured that it is computationally infeasible to...
16
by: Materialised | last post by:
I have been given the task, of developing a program to sit next to a cgi based c program (I know this is offtopic but my question does only refer to the standard c part of the code). Basically...
15
by: Peter Afonin | last post by:
Hello, I'm struggling with the string conversion to MD5 which I've never user before. I have a string that I need to encode which looks approximately like this: ...
10
by: elibol | last post by:
Hi, Is there an event that fires when the back or forward button on a browser is pressed? I need an event to fire when someone clicks the back or forward button after an anchor has been set. ...
8
by: MuZZy | last post by:
Hi, Why for god sake they change implementation of String.GetHashCode() from ..NET 1 to .NET 2? We were storing some user passwords in hashcode, now we can't upgrade those clients with .NET 2...
18
by: len.hartley | last post by:
Hi, I am trying to pop-up a window when the user clicks on an image. The problem is that when the user clicks on the image and the window pops up OK, but the window underneath also proceeds to...
12
by: Arash Partow | last post by:
Hi all, I've ported various hash functions to python if anyone is interested: def RSHash(key): a = 378551 b = 63689 hash = 0
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
0
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.