[thelist] MySQL, PHP, and passwords
Burhan Khalid
thelist at meidomus.com
Wed Feb 23 01:06:59 CST 2005
Richard Harb wrote:
[ snip ]
> Personally I am a little suspicious of sites that offer 'secret questions'.
> And after answering those correctly the passwords gets sent to you - in plain
> text. That means that the password has to be stored in plain text somehow ...
Not necessarily, as this could mean that they use reversible encryption.
MD5 is not encryption (as I'm sure you are aware). MD5 generates a
hash which can be used to verify the integrity of some input.
I use this feature in websites that I develop. Its easy to use
reversible encryption (note, not hashing) to store encrypted text in a
database, but be able to reverse the encryption.
See http://www.php.net/mcrypt for more information.
More information about the thelist
mailing list