I came to the same conclusion today after reading the docs again. I would prefer the des_encode if I need to get things back out of it, but since I'm running 3.23.55, the des_encode function is not available to me. I have a need to encrypt data and then retrieve it later (credit card data). I could probably pass it through an md5 or des function via openssl I suppose and then store it. Perl and PHP both have functions to handle that.

Curtis

Tonu Samuel said:
> On Tue, 2003-02-11 at 15:39, Curtis Maurand wrote:
>>
>> The manual suggests that the password function is really for internal
>> mysql functions. Ideally you should use the encode or md5_encode
>> functions.
>>
>> update user set password=encode('password', 'salt') where user =
>> 'your_user';
>
> Unless manual does not say, what method is used for encode(), I would
> prefer MD5() which is known to be good enough.
>
> I remember something about "encode" from source code. If I remember
> properly it was "home-made" algorithm and home-made algorithms are
> always known to be "keep-away" algorithms.
>
> If you need security, always hire expert to analyze your needs and
> suggest exact ways to improve it. Even smaller mistake can void all
> efforts to secure something. Most security problems I have seen are
> results of doing security without knowing about topic. Often they lead
> to headlines as it was in CNN few months ago: "hackers stole credit
> reports of 15000 people".
>
> Use MD5() for one-way hashing where result never needs to be decrypted
> (usually passwords)
> Use DES_ENCRYPT() for encrypting data if you want to decrypt it at some
> point.
> Surely do not use PASSWORD() anywhere.
>
> Tõnu