Posted by Schraalhans Keukenmeester on 09/11/06 20:30
flamer die.spam@hotmail.com wrote:
> phforum wrote:
>
>> I have no ideas to encrypt the user input password from the text
>> box.....
>
> are you wanting to have it encrypted so it's safe during transfer over
> the internet, or want it encrypted so you can store in a database? as
> someone suggested you need to get a ssl certificate and use https:// to
> transfer it encrypted, they cost money, if you just want to encrypt the
> password after your php script receives it then you can use $password =
> md5($password); md5 encryption is irreversible.
>
> Flamer.
>
Certificates cost money if you purchase them from a commercial & trusted
Certification Authority. There is no law against generating your own
certificate (you probably need to obtain OpenSSL if it isn't already
present on your system), nor does doing so make the encryption less
strong. Only a self-generated certificate will not be trusted by
everyone, as there is no independent party vouching for your certificate
identity. The added value of buying a license comes from the increased
trust you may get by others. For many uses you can do well without. If
my bank didn't have a properly third party signed certificate I would
become wary to use their https connection though....
md5 strictly speaking doesn't encrypt the password, it creates a hash
value. It IS true the hash value can NOT be used to compute a unique
password. (Theoretically there are several password strings that would
match the same md5 hash, but chances a randomly chosen password will
produce the hash you require are very slim.) Storing hashed values in a
db rather than plaintext is recommendable practice in any live environment.
Sh.
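
Storing a hash instead of the plaintext, as recommended above, shown as an added example that is not part of the original post: it puts the `md5($password)` call from the quoted reply next to PHP's built-in `password_hash()` / `password_verify()`. The helper names `md5_record`, `store_password` and `check_login` and the sample password are made up for illustration.

```php
<?php
// Added example, not from the original post. The sample password is constructed.

// The call from the quoted reply: unsalted, so one password maps to one
// fixed 32-character hex string in every row and every database.
function md5_record(string $password): string
{
    return md5($password);
}

// Storage hash: password_hash() generates a random salt and returns a string
// that embeds the algorithm, cost and salt next to the digest.
function store_password(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// Login check against the stored string. Returns [ok, newHashOrNull]; the
// second value is set when the stored hash uses outdated parameters.
function check_login(string $password, string $stored): array
{
    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT)
        : null;
    return [true, $new];
}

$pw = 'correct horse battery staple'; // constructed sample input

$rowA = store_password($pw);
$rowB = store_password($pw);
[$okGood] = check_login($pw, $rowA);
[$okBad]  = check_login('wrong guess', $rowA);

printf("md5 rows equal for equal passwords:  %s\n", var_export(md5_record($pw) === md5_record($pw), true));
printf("password_hash rows equal:            %s\n", var_export($rowA === $rowB, true));
printf("correct password accepted:           %s\n", var_export($okGood, true));
printf("wrong password accepted:             %s\n", var_export($okBad, true));
```

The column that holds the `password_hash()` result should be wide enough for future algorithms; the PHP manual suggests 255 characters.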