Posted by Gustavo Narea on 11/27/05 18:51

Hi.

Ahmed Saad wrote:
> On 11/26/05, Yaswanth Narvaneni <yaswanth@gmail.com> wrote:
>
>>I 'dont' want to use something like select * from table where
>>table.passwd=password($passwd);
>
>
> Well, i think you better use a specific password hashing function
> rather than MySQL's password() 'cause it's implementation is not
> consistent across versions (IIRC. they broke backward compatibility in
> version 5).. Use md5() or sha1() so you know what alghorithm is used
> and you can be almost sure that implementation across langauges and
> versions is the same.

Yes, That's something important.

Yaswanth, take a look at:
http://phpsec.org/articles/2005/password-hashing.html

Regards.

--
Gustavo Narea.
PHP Documentation - Spanish Translation Team.
Valencia, Venezuela.

[Back to original message]