Posted by Carl Vondrick on 01/31/06 06:48
gene.ellis@gmail.com wrote:
> I am using PHP to allow users to create profiles on our website and
> store them in a MS SQL database and I am wondering, how can I encrypt
> the passwords? Also, how would I be able to match the right password
> when it is time to retrieve the password from the database? Thank you
> very much for your help!
You should use MD5 *and* SHA1. If you use both, you make the hash
almost impossible to find collisions.
Example:
$pass = md5($pass) . '-' . sha1($pass);
Add as many as encryption functions like this to get an added security
boost.
--
Carl Vondrick
usenet@carlsoft.net
www.carlsoft.net
[Back to original message]
|