Storing Passwords

  • 03-04-2007 08:22AM
    #1
    Closed Accounts Posts: 44


    In the very early stages of designing a site and I'm just messing around with the login / register features

    What are people's opinions on storing passwords? From a security point of view and a general usability point of view!

    Site will be just for general info (it's going to be student related) and I won't be storing any sensitive information but still know the passwords should be encrypted

    Is storing as MD5 the best solution (I know this has its own problem as regards lost passwords etc)

    Or is a two way encryption better? Haven't really had much luck finding a good 2 way encryption algorithm (if anybody knows one that'd be cool)


Comments

  • Registered Users, Registered Users 2 Posts: 8,576 ✭✭✭Trampas


    Some DBMS systems allow fields to be a password field so all that appears in the database is **** for the characters


  • Registered Users, Registered Users 2 Posts: 912 ✭✭✭chakotha


    I have found Blowfish straightforward to use.

    http://pear.php.net/package/Crypt_Blowfish

    or this looks faster to get going but I haven't tried it

    http://codewalkers.com/seecode/593.html


  • Closed Accounts Posts: 884 ✭✭✭NutJob


    MD5 is fine but remember to seed the passwords so a straight md5lookup is useless.

    php example
    http://ie.php.net/manual/en/function.md5.php#56934


    As for the lost password problem just use the email back a message to verify a user is who they claim method.


  • Registered Users, Registered Users 2 Posts: 21,264 ✭✭✭✭Hobbes


    I'd go with one way encryption. Public / Private key.

    Then when they enter the password to login you encrypt it and compare the encryptions.


  • Closed Accounts Posts: 19,777 ✭✭✭✭The Corinthian


    Store your users/passwords as database users with just the bare necessary rights on the database in question.


  • Closed Accounts Posts: 1,567 ✭✭✭Martyr


    NutJob wrote:
    MD5 is fine but remember to seed the passwords so a straight md5lookup is useless.

    php example
    http://ie.php.net/manual/en/function.md5.php#56934


    As for the lost password problem just use the email back a message to verify a user is who they claim method.

    I would second this suggestion.
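
The salting suggested in this thread, as an added example (not code from any poster or from the linked manual comment): a random per-user salt stored beside the MD5 digest, plus a login path that rehashes such records with PHP's `password_hash()`, a slower salted hash swapped in here for MD5. The `md5$salt$digest` record format, the function names and the sample passwords are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Thread's suggestion: a random per-user salt stored next to the digest,
// so a table of precomputed md5(password) values no longer matches.
// The "md5$salt$digest" layout is an assumed format for this example.
function salted_md5(string $password): string
{
    $salt = bin2hex(random_bytes(16));
    return 'md5$' . $salt . '$' . md5($salt . $password);
}

// Verify either record format. password_verify() reads the salt and cost
// from the stored string itself.
function verify_password(string $password, string $stored): bool
{
    if (strncmp($stored, 'md5$', 4) === 0) {
        [, $salt, $digest] = explode('$', $stored, 3);
        return hash_equals($digest, md5($salt . $password)); // constant-time compare
    }
    return password_verify($password, $stored);
}

// On a successful login, return the value to store from now on: salted-MD5
// records and outdated password_hash() parameters are rehashed.
// A null return means the login failed.
function login(string $password, string $stored): ?string
{
    if (!verify_password($password, $stored)) {
        return null;
    }
    $legacy = strncmp($stored, 'md5$', 4) === 0;
    if ($legacy || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        return password_hash($password, PASSWORD_DEFAULT);
    }
    return $stored;
}

// Constructed sample data: two users who picked the same password.
$alice = salted_md5('sunshine1');
$bob   = salted_md5('sunshine1');
var_dump(md5('sunshine1') === md5('sunshine1')); // unsalted digests compared
var_dump($alice === $bob);                       // salted records compared
$upgraded = login('sunshine1', $alice);          // legacy record, correct password
var_dump($upgraded !== null && verify_password('sunshine1', $upgraded));
var_dump(login('wrong-guess', $bob));            // failed login attempt
```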

