Posted by Cord-Heinrich Pahlmann on 01/05/07 12:31

Hi,

I have written a tool wich de/encrypts a few of my forum and
bloggin-Passwords.
My question is how secure it is.
The following describes how I have encrypted my passwords.

When I log in, the Login-Password is changed into a md5-Hash and is
compared to the login-password in the db. If the passwords are the same
the use is logged in (common procedure). Then the clear-text
login-password decrypts an unknown key which is stored in the
$_SESSION-Variable. With that key I decrypt the stored passwords in the
db.
I use the Blowfish Algorithm
(http://www.php-einfach.de/sonstiges_generator_blowfish_script.php,
Source is in German, sorry.).
How secure is the Blowfish Algorithm?
Each time I log in to my Site, the script generates a new key and
de/encrypts all the stored passwords again. So the stored
crypted-passwords look different everytime I login.

Sry, for my English-skills... I'm a little bit rusty...

[Back to original message]