[thelist] MySQL, PHP, and passwords

Burhan Khalid thelist at meidomus.com
Wed Feb 23 01:06:59 CST 2005


Richard Harb wrote:
[ snip ]

> Personally I am a little suspicious of sites that offer 'secret questions'.
> And after answering those correctly the password gets sent to you - in plain
> text. That means that the password has to be stored in plain text somehow ...

Not necessarily, as this could mean that they use reversible encryption.
MD5 is not encryption (as I'm sure you are aware). MD5 generates a
hash which can be used to verify the integrity of some input.

I use this feature in websites that I develop.  It's easy to use
reversible encryption (note, not hashing) to store encrypted text in a
database, but be able to reverse the encryption.

See http://www.php.net/mcrypt for more information.
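
The distinction drawn in the message above, between an MD5 digest that can only be compared and ciphertext that the key holder can reverse, as an added PHP example that is not part of the original post. It assumes the openssl extension (AES-256-GCM) in place of mcrypt, which was removed from PHP core in 7.2; the function names, key and sample value are constructed for illustration.

```php
<?php
// Added example with constructed values; not code from the original post.

// One-way: MD5 yields a fixed-length digest. The only operation available
// later is "hash the candidate and compare"; the input is not recoverable.
function digest_matches(string $candidate, string $storedDigest): bool
{
    return hash_equals($storedDigest, md5($candidate));
}

// Reversible: AES-256-GCM through openssl (assumption: used here instead of
// mcrypt). Anyone holding $key can turn the stored value back into plaintext.
function encrypt_field(string $plaintext, string $key): string
{
    $iv  = random_bytes(12);          // fresh 96-bit nonce for every record
    $tag = '';
    $ct  = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($iv . $tag . $ct);   // fits in one text column
}

function decrypt_field(string $stored, string $key): string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < 28) {    // 12-byte nonce + 16-byte tag
        throw new InvalidArgumentException('malformed ciphertext');
    }
    $pt = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key,
                          OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
    if ($pt === false) {
        throw new RuntimeException('decryption failed: wrong key or altered data');
    }
    return $pt;
}

$key   = random_bytes(32);            // constructed key, kept outside the database
$value = 'sample-secret-value';       // constructed input

$digest = md5($value);
var_dump(digest_matches($value, $digest));            // same input, same digest
var_dump(digest_matches('something-else', $digest));  // different input

$stored = encrypt_field($value, $key);
var_dump(decrypt_field($stored, $key) === $value);    // round trip with the key
```

The digest column supports only the comparison in `digest_matches`, while the encrypted column returns the original text to whoever can read both the row and `$key`.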

