Oscar Gosdinski wrote:
Instead of using a hash of the password string, I prefer to save the
following in the password field of my user's table:
md5($user . $password)
This is a good idea, IMHO of course.
There are some md5 databases around that can be used to get the
cleartext password from the hash if your database is compromised. If
you use this method, it's difficult to get the cleartext password
because it depends on the user, and you are also validating that the user
exists.
Well, it's a little hard to obtain the "cleartext" from something in
MD5-hash, though it's possible via brute-force. You might as well try
to use some other method, such as SHA1, combine them or do whatever you
want to alter the initial clear-text version to obfuscate it (like you
did above).
However, I have a question. Which is better, the md5 function
provided by PHP or MySQL? I used the MySQL function because I didn't
compile PHP with support for hash.
The one in JavaScript :) AFAIK, every MD5 function is based on the MD5
algorithm, so the implementation is rather similar (if not the same). Of
course, the result is always the same.
--
Atentamente,
J. Rafael Salazar Magaña
Innox - Innovación Inteligente
Tel: +52 (33) 3615 5348 ext. 205 / 01 800 2-SOFTWARE
http://www.innox.com.mx
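
Added example, not part of either poster's message: a PHP sketch of the md5($user . $password) scheme discussed in this thread, showing that the stored value no longer matches a precomputed table of plain md5(password) entries, and that plain concatenation leaves the boundary between user and password ambiguous. The user names, passwords, lookup table and the helper names user_bound_hash(), delimited_hash() and verify() are constructed for illustration; the length-prefixed variant is an assumption, not something proposed in the thread.

```php
<?php
// Added example: users, passwords and the lookup table below are constructed.

// The scheme from the thread: MD5 over user name concatenated with password.
function user_bound_hash(string $user, string $password): string
{
    return md5($user . $password);
}

// Hypothetical variant: prefix the user name with its length so that the
// split between the two fields cannot be shifted.
function delimited_hash(string $user, string $password): string
{
    return md5(strlen($user) . ':' . $user . $password);
}

// Recompute the hash for the claimed user and compare in constant time.
function verify(string $user, string $password, string $stored): bool
{
    return hash_equals($stored, user_bound_hash($user, $password));
}

// Stand-in for a public "md5 database": md5(password) => password.
$lookup = [];
foreach (['123456', 'letmein', 'qwerty'] as $common) {
    $lookup[md5($common)] = $common;
}

$plain = md5('letmein');                        // unsalted storage
$alice = user_bound_hash('alice', 'letmein');   // scheme from the thread
$bob   = user_bound_hash('bob', 'letmein');     // same password, other user

// Is each stored value present in the precomputed table?
var_dump(isset($lookup[$plain]), isset($lookup[$alice]));

// Do two users with the same password end up with the same stored value?
var_dump($alice === $bob);

// A stored value only verifies for the user it was computed for.
var_dump(verify('alice', 'letmein', $alice), verify('bob', 'letmein', $alice));

// Plain concatenation: ("ab", "c") and ("a", "bc") feed MD5 the same bytes.
var_dump(user_bound_hash('ab', 'c') === user_bound_hash('a', 'bc'));

// The length-prefixed variant feeds MD5 different bytes for the two pairs.
var_dump(delimited_hash('ab', 'c') === delimited_hash('a', 'bc'));
```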