Re: Welche Funktion zur Speicherung von Passwörtern verwenden?

From: "shimmyshack" <matt.farey@xxxxxxxxx>
Date: 30 Mar 2007 09:54:35 -0700

On Mar 30, 4:32 pm, Christian Aigner <Christian.Aig...@xxxxxxx> wrote:

ENCRYPT()
PASSWORD()
MD5()
SHA1()

Welche dieser Funktionen sollte ich verwenden, um Passwörter in einer
Datenbank zu speichern? Welche Vor- und Nachteile haben die einzelnen
Funktionen?

TIA,
Christian

ENCRYPT() is a two way encryption/decryption function so you don't
need this unless you will be decrypting as well - which normally you
don't do when storing passwords in a database.

PASSWORD(), MD5(), SHA1() are one way hashes, so choose from these

:) mysql: PASSWORD() - it has changed over time.

MD5 and SHA1 are older and less strong than easily used SHA256 and
SHA-512 etc... so why not use SHA-256, SHA-384, SHA-512 etc..

<?php print_r(hash_algos()); ?>

use the strongest one you feel comfortable with. (they are all strong
enough for most practical purposes)

.

References:
- Welche Funktion zur Speicherung von Passwörtern verwenden?
  - From: Christian Aigner

Prev by Date: Php / Java grids .NET grids
Next by Date: Re: What is the learning curve for PHP?
Previous by thread: Welche Funktion zur Speicherung von Passwörtern verwenden?
Next by thread: Php / Java grids .NET grids
Index(es):
- Date
- Thread

Relevant Pages

Re: NIS: mixing FreeBSD and Linux machines
... >is that FreeBSD uses MD5 to encrypt the password and Linux DES. ... >One solution was to change MD5 to DES on the FreeBSD machine and ...
(comp.unix.bsd.freebsd.misc)
Re: Encryption method desired...
... The message digest is a 128-bit number. ... It therefore does not encrypt the ... plaintext. ... >explanation of how MD5 encruption is used. ...
(comp.databases.ms-access)
Re: Encrypt data
... I'm not sure what you mean below with "sign parameters with 160 bit SHA1". ... PRIVATE key of the certificate. ... 3DES key) to encrypt any amount of data. ... Asymmetric RSA encryption has a limit on size of data that can be ...
(microsoft.public.platformsdk.security)
Re: Proposal for Lite Encryption for Login Form without SSL
... javascript) to encrypt the password on my end and send it. ... Password is sent in MD5. ... PHP MD5s the MD5 along with a RANDOM salt. ...
(comp.lang.php)
Re: Proposal for Lite Encryption for Login Form without SSL
... javascript) to encrypt the password on my end and send it. ... Password is sent in MD5. ... PHP MD5s the MD5 along with a RANDOM salt. ...
(comp.lang.php)