How important is using password() encryption function ?

290 Contributor
Hi,

I have noticed that some websites do not use encryption for passwords as they are able to send you the existing password.

Others can only give you a new password, so I guess they are using encryption ( ? ).

Does it really matter ?

Can anybody look at my MySQL database and see the password if it is not encrypted ? Or is it only in transmission that it could be spied on ?

It seems much easier not to have encryption for access to simple membership sites. That way, if there is a problem, I can then log in as the member and see what they see. With encryption, I can not use their password to log in so it restricts my troubleshooting options.


Any thoughts on this ?
Thanks.


Mar 23 '10 #1
Atli
5,058 Recognized Expert Expert
Hey.

Passwords aren't really "encrypted". They are hashed. - That basically means the password is converted into a non-reversible string of characters that should (in theory) be unique to that password.

This is an extra layer of security, and privacy, in case your password database is compromised. It means that your users' passwords will not be clearly readable, even if somebody managed to hack their way into your databases. - It also protects your users from you; the database admin. - This may also be an invaluable protection on shared hosts, where you can not be sure who exactly has access to your database.

It's just one of those basic security features that is easy to implement and may prove invaluable. In my opinion, any site that does not implement this sort of protection has sub-par security, regardless of any other security they may use. (Although that opinion is highly debatable.)

"It seems much easier not to have encryption for access to simple membership sites. That way, if there is a problem, I can then log in as the member and see what they see. With encryption, I can not use their password to log in so it restricts my troubleshooting options."
That you should never do. You should never log in as another member. - If you need to do anything like that, you should add administrative tools that allow you to do so without having to actually use the user's login credentials.

Bottom line is that user passwords are highly private pieces of data. Even viewing it yourself for administrative tasks is an invasion of their privacy. -- Nobody except the user should be able to know their passwords, not even you. Hashing them, and discarding the original, ensures that.
Mar 23 '10 #2
Markus
6,050 Recognized Expert Expert
Well put, Atli.

P.S. I fixed a few typos for you :)
Mar 23 '10 #3
jeddiki
290 Contributor
Thanks for your reply.

I appreciate your opinion.

If I hash the passwords though, I guess that it means I can not send the account owner their password in an email ... or can I ?

When my script sends the hashed password out to the owner, can the user see it in their browser as the password they need to enter ?

Thanks for any clarifications.


Mar 24 '10 #4
Atli
5,058 Recognized Expert Expert
No. You can not retrieve the password in any way. A hash is scrambled beyond recovery, so there is no way (in theory) to recover it. - If the user forgets his/her password, you would have to generate a new password and send him that, so he can log in and change it.

@Markus
Thanks :)
Was test-driving IE8 (just for kicks xD)... no proper spell checker.
Mar 24 '10 #5
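
The store, check and reset flow discussed in this thread, as an added Python example that is not part of any post above. The `members` dictionary stands in for the MySQL table, and the choice of salted PBKDF2-HMAC-SHA256, the iteration count and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed work factor; tune for your hardware

# Constructed stand-in for the members table: username -> (salt, digest).
members = {}

def hash_password(password, salt=None):
    """Return (salt, digest). A random per-user salt makes equal
    passwords produce different digests."""
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest

def register(username, password):
    # Only the salt and digest are stored; the original is discarded.
    members[username] = hash_password(password)

def check_login(username, password):
    record = members.get(username)
    if record is None:
        return False
    salt, stored = record
    _, candidate = hash_password(password, salt)
    # Recompute and compare in constant time; nothing is "decrypted".
    return hmac.compare_digest(candidate, stored)

def reset_password(username):
    """Forgotten password: the old one cannot be read back, so a new
    random one replaces it and is sent to the account owner."""
    if username not in members:
        return None
    temporary = secrets.token_urlsafe(12)
    members[username] = hash_password(temporary)
    return temporary

if __name__ == "__main__":
    register("alice", "correct horse")  # constructed sample account
    print(check_login("alice", "correct horse"))
    new_pw = reset_password("alice")
    print(check_login("alice", "correct horse"), check_login("alice", new_pw))
```
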
