Re: Advice wanted for storing passwords in a database

From: Tony Marston (tony_at_NOSPAM.demon.co.uk)
Date: 05/06/04


Date: Thu, 6 May 2004 10:54:27 +0100

MD5 does not allow a separate 'salt' or 'key' to be input, just the string
to be hashed. To get around this you can attach another string of text
either to the front or the end of the password before you encrypt it.

If you want to be able to decrypt your passwords then take a look at
http://www.tonymarston.co.uk/php-mysql/encryption.html. This describes a
reversible encryption routine which uses a 'key', without which you cannot
decrypt. It is customisable in that you can alter the encryption algorithm
and specify your own key.

HTH.

-- 
Tony Marston
http://www.tonymarston.net
"Fred Emmott" <pcfreak65@hotmail.com> wrote in message
news:paapm1-fe2.ln1@fred.lan...
> Hi - just wondering how I should store passwords in a database - I was
> thinking MD5 hashes would be a good idea - but I've heard it's better to
> "salt" them - how would I do this?
>
> I've tried google, but most of the results seem to be written by people with
> no idea of security implementations, thinking that "encryption" = "magic
> security dust".
>
> Thanks,
>
> Fred Emmott
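
An added example, not part of the original posts: the salt-attached-to-the-front construction described in the reply, with a random per-user salt stored beside the hash, next to the same record layout built with PBKDF2, which accepts the salt as a separate input. The function names, the 16-byte salt length and the iteration count are assumptions of this example.

```python
import hashlib
import hmac
import os
from typing import Callable, Optional, Tuple

SALT_BYTES = 16              # assumed salt length for this example
PBKDF2_ITERATIONS = 200_000  # assumed work factor; tune to your hardware

Record = Tuple[bytes, bytes]  # (salt, hash): both columns are stored per user


def md5_salted_record(password: str, salt: Optional[bytes] = None) -> Record:
    """Salt attached to the front of the password, then MD5, as in the reply.

    MD5 is fast to compute, so the salt only defeats precomputed tables and
    hides which users share a password; it adds no cost per guess.
    """
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    return salt, hashlib.md5(salt + password.encode("utf-8")).digest()


def pbkdf2_record(password: str, salt: Optional[bytes] = None) -> Record:
    """Same record layout, but the salt is a real parameter of the function
    and every guess costs PBKDF2_ITERATIONS HMAC-SHA256 computations."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def verify(password: str, salt: bytes, stored: bytes,
           scheme: Callable[[str, Optional[bytes]], Record]) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = scheme(password, salt)
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    # Constructed sample data: two users who chose the same password.
    for user in ("alice", "bob"):
        for scheme in (md5_salted_record, pbkdf2_record):
            salt, digest = scheme("correct horse")
            ok = verify("correct horse", salt, digest, scheme)
            print(user, scheme.__name__, salt.hex(), digest.hex(), ok)
```

Because each user gets a fresh salt, the two rows for the same password differ under both schemes; only the second makes each guess expensive.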

