How can you avoid that?  Even if you use two-way encryption, the user is
going to want to type in his unencrypted password, obviously, and you are
going to have to encrypt it and compare that with the encrypted version
stored in the DB.  How is this different?

-Rasmus

On Tue, 5 Mar 2002, Keyser Soze wrote:

> Yes, but to check the password you should supply the plain text pass to md5
> again and compare it with the encrypted one. That's what I'm trying to
> avoid.
>
> regards,
> Keyser Soze
>
>
> ----- Original Message -----
> From: "Rasmus Lerdorf" <[EMAIL PROTECTED]>
> To: "Brent R. Matzelle" <[EMAIL PROTECTED]>
> Cc: "PHP-DEV" <[EMAIL PROTECTED]>
> Sent: Tuesday, March 05, 2002 11:35 AM
> Subject: Re: [PHP-DEV] New Module
>
>
> Why not just store them using crypt() or md5().  With one-way encoding
> like that nobody can steal the passwords, not even you.
>
> -Rasmus
>
> On Tue, 5 Mar 2002, Brent R. Matzelle wrote:
>
> > --- [EMAIL PROTECTED] wrote:
> > > Hey,
> > >
> > > why not simply use the mcrypt functions available in PHP?
> >
> > I will tell you why.  Mcrypt is nearly useless for developers like
> > myself who develop PHP applications for both *NIX and win32
> > platforms.  The mcrypt libraries are not distributed with the Windows
> > binaries package and I have tried to build them myself only to find
> > that you need Cygwin, which is an unacceptable dependency.
> >
> > I have been looking for months for a standard method to perform
> > encryption with PHP and have only found php_blowfish
> > (http://www.brisse.dk/linux/phpext/blowfish.htm) as a reasonable
> > alternative that runs on both *NIX and win32 without many problems.
> > Unfortunately this module is not distributed with PHP so I am nervous
> > basing my software on it.
> >
> > I require two way encryption so that I can store passwords in a
> > database to prevent unscrupulous database administrators from
> > stealing them so it is extremely important to my business.
> >
> > If anyone has any input on this issue I would be delighted to hear
> > it.
> >
> > Warm regards,
> >
> > Brent
> >
> > --
> > PHP Development Mailing List <http://www.php.net/>
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
>


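The check described in the reply above, as an added example in PHP (not code from the thread): the table keeps only a salted one-way hash, and a login is verified by running the typed password through the same function and comparing the results. The `$db` array, user names and passwords are constructed for illustration, and `password_hash()` (bcrypt through `crypt()`) is used here in place of a bare `md5()`.

```php
<?php
// Constructed stand-in for a users table: user name => stored hash.
$db = [];

// Hash compared against when the user does not exist, so that a miss
// costs the same work as a wrong password.
define('DUMMY_HASH', password_hash('constructed-dummy-value', PASSWORD_BCRYPT));

function register_user(array &$db, string $user, string $password): void
{
    // password_hash() picks a random salt and returns a crypt()-format
    // string holding algorithm, cost, salt and digest together.
    $db[$user] = password_hash($password, PASSWORD_BCRYPT);
}

function check_login(array $db, string $user, string $password): bool
{
    $known  = isset($db[$user]);
    $stored = $known ? $db[$user] : DUMMY_HASH;
    // Re-run the one-way function on the typed password, reusing the
    // algorithm and salt embedded in the stored string, then compare
    // in constant time. password_verify() wraps these two steps.
    $candidate = crypt($password, $stored);
    return hash_equals($stored, $candidate) && $known;
}

register_user($db, 'alice', 'correct horse');
register_user($db, 'bob',   'correct horse');

// What someone reading the table sees: no plaintext, and two different
// strings even though both users chose the same password.
foreach ($db as $user => $hash) {
    echo "$user  $hash\n";
}
var_dump($db['alice'] === $db['bob']);

// The plaintext exists only for the duration of the login request.
var_dump(check_login($db, 'alice', 'correct horse'));
var_dump(check_login($db, 'alice', 'wrong guess'));
var_dump(check_login($db, 'mallory', 'correct horse'));
```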