Oscar Gosdinski wrote:
Instead of using a hash if the password string, i prefer to save the following in the password field of my user's table: md5($user . $password)
This is a good idea, IMHO of course.
There are some md5 databases around that can be used to get the cleartext password from the hash if your database is compromised, if you use this method it's difficult to get the cleartext password because it depends on the user and you are also validating if the user exists.
Well, it's a little hard to obtain the "cleartext" from something in MD5-hash, though it's possible via brute-force. You might as well try to use some other method, such as SHA1, combine them or do whatever you want to alter the initial clear-text version to obfuscate it (like you did above)
However, i have a question. Which is better?, the md5 function provided by PHP or MySQL? i used the MySQL function because i didn't compile PHP with support for hash.
The one in JavaScript :) AFAIK, every MD5 function is based on the MD5 algorithm, so the implementation is rather similar (if not the same) Of course, the result is always the same.
-- Atentamente, J. Rafael Salazar Magaña Innox - Innovación Inteligente Tel: +52 (33) 3615 5348 ext. 205 / 01 800 2-SOFTWARE http://www.innox.com.mx -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
