Web Hosting Forums

Results 1 to 4 of 4

This is a discussion on Password encryption in the Hosting Talk & Chit-chat forum
I would like to store my users's passwords in the database in an encrypted format. Could anywone please point me to a good encryption method ...

  1. #1
    Loyal Client
    Join Date
    Feb 2002
    Posts
    86

    Password encryption

    I would like to store my users's passwords in the database in an encrypted format. Could anywone please point me to a good encryption method that could possibly be used in php?
    Note that I can't use md5, since I have to ba able to decypt the password back in case the user forgets his/her password.

    Thanks

  2. #2
    Loyal Client
    Join Date
    Jul 2001
    Posts
    29

    Hash browns

    I would say that when most people talk about encrypting passwords for websites, etc. they are referring to hashing rather than key cryptography. A solution for your problem would be to simply assign them a temporary password and then have them change their password back to a permanent one (like they do for many sites). I assume you want encryption for security, but if you use key cryptography, where will you store the key? probably on the server - right with the ciphertext. So key maintnence would be another issue if not using a hash. Hope that makes sense.


    -Will

  3. #3
    Community Leader jason's Avatar
    Join Date
    Sep 2001
    Location
    Rochester, NY
    Posts
    5,884
    The way I do things is I use one-way encryption, such as with php's crypt() function or MySQL's password() function. If a user forgets a password, I just assign them a new one. I have a list of random words (things like colors, fruits, states, etc) and a routine that selects two diffeent random words from the list and places a random number between them (ie pineapple26vermont). When a user forgets his/her password, they can enter their email address and the server sends them a message with a new one in it. The next time they log in, they are asked to change the password again to something they'll remember.

    --Jason
    Jason Pitoniak
    Interbrite Communications
    www.interbrite.com www.kodiakskorner.com

  4. #4
    Loyal Client
    Join Date
    Feb 2002
    Posts
    86
    Ugh, I can't believe I didn't think of this. Thanks guys!

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •