  1. #1
    kirchie's Avatar

    Encrypting passwords in MySQL with MD5

    Is this as simple as sticking MD5 in front of the user's password when they submit the form (INSERT INTO tblUsers userID=1 userName=Kirchie userPassword=md5(Password) ) or, as I suspect, is there more to it than that? I'm trying to set up a simple CRM for a website, but with all the hackings going on it's got me thinking.

  2. #2

    MD5 is broken; don't use it for passwords, it's not secure enough these days. You can use AES instead, but you should also salt the password using the username or some other known information.

    However, if you care at all about security you should not encrypt passwords like this, because in most scenarios this would mean the password being passed to your database in plain text, and it may even be logged in plain text. Assuming that you will use SSL to encrypt traffic between the clients and your server, you should encrypt the password at the web server point and not pass the information on to a secondary service unencrypted.

  3. Thanks to ChrisMiles from:

    kirchie (7th February 2013)

  4. #3


    Some of these links may help?


    Use bcrypt or PBKDF2 exclusively to hash anything you need to be secure. These new hashes were specifically designed to be difficult to implement on GPUs. Do not use any other form of hash. Almost every other popular hashing scheme is vulnerable to brute forcing by arrays of commodity GPUs, which only get faster and more parallel and easier to program for every year.

  5. Thanks to Arthur from:

    kirchie (7th February 2013)

  6. #4
    kirchie's Avatar
    Cheers guys, that's some good reading there! There's not going to be anything that desperately needs securing in the DB, just the results from some races and some news stories, but if it were to get compromised, obviously that would be quite bad. What I'm really looking for is an idiot's guide of how to set it up in the first place. Could you recommend a good guide? I've tried doing a Google search, but the problem is people on forums (present company excluded obviously! :P) tend to assume that you know it all already. I have a fairly good grounding in PHP, that's about it.

  7. #5

    webman's Avatar
    If you're storing passwords using PHP, you could do far worse than using phpass.

  8. Thanks to webman from:

    kirchie (7th February 2013)

  9. #6
    kirchie's Avatar
    Originally posted by webman:
    "If you're storing passwords using PHP, you could do far worse than using phpass."

    That looks quite good, cheers webman
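
Added example, not part of the thread and not code from any poster: the bcrypt advice in post #3 applied to the tblUsers insert from the question, using PHP's built-in password_hash() and password_verify() (PHP 5.5 and later). It assumes the pdo_sqlite extension, with an in-memory SQLite database standing in for MySQL so it runs offline; register_user, check_login, the cost value and the sample users are hypothetical.

```php
<?php
// Added example. In-memory SQLite stands in for MySQL so this runs offline;
// with MySQL only the PDO DSN and credentials change.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// bcrypt output is 60 characters; the wider column leaves room for other algorithms.
$db->exec('CREATE TABLE tblUsers (
    userID INTEGER PRIMARY KEY,
    userName VARCHAR(64) UNIQUE NOT NULL,
    userPassword VARCHAR(255) NOT NULL)');

const BCRYPT_OPTIONS = ['cost' => 12];   // assumed work factor; tune it to your server

// Hash in PHP, so the database only ever receives the bcrypt string, never the password.
// password_hash() generates a random per-user salt and embeds it in its output.
function register_user(PDO $db, string $name, string $password): void
{
    $hash = password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS);
    $stmt = $db->prepare('INSERT INTO tblUsers (userName, userPassword) VALUES (?, ?)');
    $stmt->execute([$name, $hash]);
}

function check_login(PDO $db, string $name, string $password): bool
{
    $stmt = $db->prepare('SELECT userID, userPassword FROM tblUsers WHERE userName = ?');
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['userPassword'])) {
        return false;   // same return value for unknown user and wrong password
    }
    // Re-hash on successful login if the cost setting was raised after this hash was stored.
    if (password_needs_rehash($row['userPassword'], PASSWORD_BCRYPT, BCRYPT_OPTIONS)) {
        $new = password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS);
        $db->prepare('UPDATE tblUsers SET userPassword = ? WHERE userID = ?')
           ->execute([$new, $row['userID']]);
    }
    return true;
}

// Constructed sample data: two users who chose the same password.
register_user($db, 'alice', 'correct horse battery staple');
register_user($db, 'bob', 'correct horse battery staple');
$hashes = $db->query('SELECT userPassword FROM tblUsers')->fetchAll(PDO::FETCH_COLUMN);
var_dump($hashes[0] !== $hashes[1]);   // compares the two stored hashes (per-user salts)
var_dump(check_login($db, 'alice', 'correct horse battery staple'));
var_dump(check_login($db, 'alice', 'wrong password'));
```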
