
Safely storing passwords in a database - Tutorial (php)


You may have seen a lot of PHP scripts which store the user passwords in the database in plain text.

There is a lot of text here; should you read it all? Yes, you should if you're interested. Why? Because if you don't, you will not understand how the PHP functions below work, and why they are our choice.

This is very bad, because if a hacker breaks into the website and gets the database, he can try to log in to the members' e-mail accounts using the same passwords (some people use the same password on websites as for their e-mail, although this is really unsafe). Once the hacker has control over your e-mail, he could possibly get access to your PayPal account and other sites!

In order to prevent this, most developers use MD5 or SHA1 to hash the passwords and store the hashes in the database. Is this good? Well, it's better. The problem with MD5() is not that it can be reversed directly (it can't), but that there are lookup databases. Every time someone hashes a string through one of these sites, that string and its hash are added to the database, so "decrypting" is only a matter of searching and finding. Many passwords can be recovered like this.

In order to make it really safe, you need a scheme whose output nobody has precomputed, so that a lookup database is useless.

That's where password salts get important.
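The lookup-table weakness described above, shown in an added example that is not part of the original post. The "leaked" rows and the tiny table of common passwords are constructed here to stand in for the public MD5 lookup databases the post refers to; the salted side uses PHP's built-in password_hash(), which generates a random salt per call.

```php
<?php
// Added example (not from the original post): why an unsalted MD5 hash is
// recoverable through a precomputed lookup, and how a per-user salt (here
// supplied automatically by password_hash()) defeats that lookup.

// Constructed sample of "leaked" rows, as someone holding the database would see them.
$leakedUnsalted = [
    'alice@example.com' => md5('letmein'),
    'bob@example.com'   => md5('correct horse battery staple'),
];

// A tiny precomputed table of common passwords stands in for the large
// public MD5 lookup databases mentioned in the post.
$commonPasswords = ['123456', 'password', 'letmein', 'qwerty'];
$lookup = [];
foreach ($commonPasswords as $p) {
    $lookup[md5($p)] = $p;
}

// Unsalted: a plain array lookup recovers every password that is in the table.
foreach ($leakedUnsalted as $email => $hash) {
    $found = $lookup[$hash] ?? null;
    echo "$email: " . ($found === null ? 'not in lookup table' : "recovered '$found'") . "\n";
}

// Salted with password_hash(): bcrypt draws a random salt for each call and
// embeds it in the output, so two users with the same password get different
// hashes and no precomputed table can apply to either of them.
$h1 = password_hash('letmein', PASSWORD_BCRYPT);
$h2 = password_hash('letmein', PASSWORD_BCRYPT);
var_dump($h1 !== $h2);                       // bool(true): different salts
var_dump(isset($lookup[$h1]));               // bool(false): lookup table is useless
var_dump(password_verify('letmein', $h1));   // bool(true): login still works
var_dump(password_verify('wrong', $h1));     // bool(false)
```

The first loop prints a recovered password for alice and "not in lookup table" for bob; the var_dump lines show that the salted hashes cannot be looked up but still verify correctly.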

More...
