Hah.. Because I figured it wouldn't be an accepted solution by "real
security" people. :)  I've used it too.  Also used the md5_file()
function to create a duplicate file scanner for my home PC.

The only problem with using MD5 or another one-way solution on a general
site that doesn't require super-security is that when people forget
their password, you have to do a "Click this to reset your password",
have it reset to something random, then have them change it when they
log in.  There's no "Send me my password" ability, which I find kind of
useful on general sites that make you log in (free registration and

As for why you're in the direct mail.. I don't know.  I just did "Reply
all" to the original question and you must have been in it. :)

Just enjoy the love and stop complaining. Hah.


> -----Original Message-----
> Sent: Thursday, November 18, 2004 12:15 PM
> Subject: RE: [PHP-DB] password encryption
> Quoting "Gryffyn, Trevor" <[EMAIL PROTECTED]>:
> > If you want to be cheesy, you can also use something like 
> an MD5 has on
> > "dog" and get whatever it gets.... Then every time someone 
> enters "dog"
> > it always ends up with the same MD5 hash.
> How is using MD5 cheesy?  I've implemented exactly that 
> solution a number of times.  Admittedly, only for a very
> small site, mainly as the 'site content update' password.
> -P
> ps. and on another note, why am I in the list of direct 
> addressees here?

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to