Posted by Curtis on 04/01/07 10:31

shimmyshack wrote:
> On Mar 30, 4:32 pm, Christian Aigner <Christian.Aig...@gmx.net> wrote:
>> ENCRYPT()
>> PASSWORD()
>> MD5()
>> SHA1()
>>
>> Welche dieser Funktionen sollte ich verwenden, um Passwörter in einer
>> Datenbank zu speichern? Welche Vor- und Nachteile haben die einzelnen
>> Funktionen?
>>
>> TIA,
>> Christian
>
> ENCRYPT() is a two way encryption/decryption function so you don't
> need this unless you will be decrypting as well - which normally you
> don't do when storing passwords in a database.
>
> PASSWORD(), MD5(), SHA1() are one way hashes, so choose from these
>
>
> :) mysql: PASSWORD() - it has changed over time.
>
> MD5 and SHA1 are older and less strong than easily used SHA256 and
> SHA-512 etc... so why not use SHA-256, SHA-384, SHA-512 etc..
>
> <?php print_r(hash_algos()); ?>
>
> use the strongest one you feel comfortable with. (they are all strong
> enough for most practical purposes)
>
>
>
>

Choosing the best one to store passwords in your database would
probably be SHA1, unless you want to use the mcrypt library, in which
case you could use SHA-256 or SHA-512.

You should not use an encryption, because passwords should be hashed
once, and not decrypted. You don't need to use encryption over hashing
to log people in, if that's what the OP was thinking.

Curtis, http://dyersweb.com

[Back to original message]