> This is not what I need.
> I'm not building a userbase to authenticate with.
> I'm holding a database of users and passwords that I need to keep.
> There is no authentication done against these user/password pairs.
> I don't want to keep the passwords in free text since if someone 
> breaks in, 
> he can steel many users and passwords.
> What I want to do, is encrypt each password with another password.
> and be able to decrypt the string with the same pass that was used
> to encrypt to show the original plain text pass two who ever needs
> to see it.

The problem here is that to be able to decrypt a password you will have 
to store the key somewhere. This key will then be vulnerable if someone
breaks into your machine. In other words, the crack becomes a bit more 
difficult but will have the same catastrophic affects.

What you should do is encrypt the password in the database using a one way
function, such as crypt(), http://www.php.net/manual/en/function.crypt.php.

When the user enters their password, encrypt that and then compare the
encrypted passwords. The only problem with this is that there is no easy
way to recover the password if the customer loses it. In this scenario, you
will have to have an alternative way to reset the customers password.



Chief Technical Consultant
Auxinet Payment Services                       http://www.auxinet.com
Phone: +44 870 72 74 76 2             Sales Office: +44 870 72 74 76 3
Fax:   +44 870 72 74 78 2                           +44 870 72 74 78 3

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to