From: Peter Beckman <[EMAIL PROTECTED]>
To: Julien Bonastre <[EMAIL PROTECTED]>
Subject: Re: [PHP-DB] Storing Credit Cards, Passwords, Securely, two-wayencryption
Date: Thu, 5 Jan 2006 22:53:30 -0500 (EST)

On Fri, 6 Jan 2006, Julien Bonastre wrote:

Any reason why you need to have reversible encryption on the password value??

 No... I just prefer to assume that if someone gets my DB, they might try
using user/pass pairs on banking sites, or paypal, or other ways, and if I
 can reversible encrypt the password, I can send them an email with their
 password, rather than changing it to something obscure and force them to
 change it again...

 Though at this point, I just decided to md5 the password and call it good
 enough.  I'll just force them to change it if need be.

Really is the best way to handle it...change and force them to rechange when logging in again.. May I recommend that you SALT the hash value by pre/appending a random string to the value to prevent a straight dictionary attack.


PHP Database Mailing List (
To unsubscribe, visit:

Reply via email to