Beefy Boxes and Bandwidth Generously Provided by pair Networks
Your skill will accomplish
what the force of many cannot

Re: Ecrypting passwords

by tilly (Archbishop)
on Oct 05, 2003 at 22:16 UTC ( #296800=note: print w/replies, xml ) Need Help??

in reply to Ecrypting passwords

You are on the right path. For a basic one-way encryption you can take the password, append to it some standard text that is part of your algorithm, append some salt that varies per user, and then take an MD5 hash of that. Store the MD5 hash.

Given a password, if the same procedure yields the signature that you stored, then the passwords matched.

There probably is something more secure than this, but this is enough that your remaining security problems are more likely to be elsewhere - possibly plaintext passwords sent over the wire, people with bad passwords, people reusing passwords, people who can be social engineered...

Replies are listed 'Best First'.
Re: Re: Ecrypting passwords
by sgifford (Prior) on Oct 06, 2003 at 01:35 UTC
    There probably is something more secure than this
    Not as far as I know. That's how /etc/passwd works, how MySQL hashes passwords, and seems to be the widely accepted way to solve this particular problem..

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://296800]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others pondering the Monastery: (2)
As of 2021-04-20 03:32 GMT
Find Nodes?
    Voting Booth?

    No recent polls found