[thelist] MySQL, PHP, and passwords
Ivo P
ipletikosic at gmail.com
Wed Feb 23 10:23:04 CST 2005
I've also seen some sites that request two secret questions and if
correct allow you to reset the password so it's never set in cleartext.
On a related note, what are people's feelings about SHA-1 & MD5 being 'broken'?
http://pages.infinit.net/ctech/20040918-0855.html
http://pluralsight.com/blogs/keith/archive/2005/02/16/5907.aspx
Just trying to get a sense of how web professionals that use them see
this development.
On Wed, 23 Feb 2005 10:06:59 +0300, Burhan Khalid <thelist at meidomus.com> wrote:
> Richard Harb wrote:
> [ snip ]
>
> > Personally I am a little suspicious of sites that offer 'secret questions'.
> > And after answering those correctly the password gets sent to you - in plain
> > text. That means that the password has to be stored in plain text somehow ...
>
> Not necessarily, as this could mean that they use reversible encryption.
> MD5 is not encryption (as I'm sure you are aware). MD5 generates a
> hash which can be used to verify the integrity of some input.
>
> I use this feature in websites that I develop. It's easy to use
> reversible encryption (note, not hashing) to store encrypted text in a
> database, but be able to reverse the encryption.
>
> See http://www.php.net/mcrypt for more information.
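The reset-instead-of-send approach discussed in this thread, as an added example that is not part of the original posts: the password and the two secret answers are stored only as salted one-way hashes, and correct answers let the user set a new password rather than receive the old one. It assumes PHP 7.4 or later; the function names and the in-memory `$users` array (standing in for a MySQL table) are hypothetical.

```php
<?php
// Constructed in-memory stand-in for a MySQL users table.
$users = [];

// Assumed policy: answers compare case-insensitively, ignoring outer whitespace.
function normalize_answer(string $answer): string
{
    return strtolower(trim($answer));
}

function register_user(array &$users, string $name, string $password, array $answers): void
{
    $users[$name] = [
        // Salted one-way hashes: neither the password nor the answers can be read back.
        'password_hash' => password_hash($password, PASSWORD_DEFAULT),
        'answer_hashes' => array_map(
            fn (string $a): string => password_hash(normalize_answer($a), PASSWORD_DEFAULT),
            $answers
        ),
    ];
}

function check_login(array $users, string $name, string $password): bool
{
    return isset($users[$name])
        && password_verify($password, $users[$name]['password_hash']);
}

// Sets a new password only if every secret answer verifies; nothing is decrypted or mailed.
function reset_password(array &$users, string $name, array $answers, string $newPassword): bool
{
    if (!isset($users[$name]) || count($answers) !== count($users[$name]['answer_hashes'])) {
        return false;
    }
    $ok = true;
    foreach ($users[$name]['answer_hashes'] as $i => $hash) {
        // No early exit, so the outcome does not reveal which answer was wrong.
        $ok = password_verify(normalize_answer((string) ($answers[$i] ?? '')), $hash) && $ok;
    }
    if ($ok) {
        $users[$name]['password_hash'] = password_hash($newPassword, PASSWORD_DEFAULT);
    }
    return $ok;
}

register_user($users, 'alice', 'old-secret', ['Rex', 'Zagreb']); // constructed sample data
var_dump(reset_password($users, 'alice', ['rex', 'wrong'], 'new-secret'));
var_dump(reset_password($users, 'alice', ['rex', 'zagreb'], 'new-secret'));
var_dump(check_login($users, 'alice', 'new-secret'));
```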