The "Freeola Customer Forum" forum, which includes Retro Game Reviews, has been archived and is now read-only. You cannot post here or create a new thread or review on this forum.
A few more PHP questions from me. :0)
Password Encryption - Have a for that allows users to register, need some way of encrypting the passwords though, is there a built in function with php to do it or would I need to write one to do it? Also you know when you enter passwords in forms they you get **** instead of the characters being entered - how do you do that?
Sessions - How tricky is using sessions in php? Need to make sure that only registered users can access certain parts of my site, is it something that is going to take a while to do or is it straightforward enough to do?
Cheers
Password Encryption - Have a for that allows users to register, need some way of encrypting the passwords though, is there a built in function with php to do it or would I need to write one to do it? Also you know when you enter passwords in forms they you get **** instead of the characters being entered - how do you do that?
Sessions - How tricky is using sessions in php? Need to make sure that only registered users can access certain parts of my site, is it something that is going to take a while to do or is it straightforward enough to do?
Cheers
Page:
Its a pity SR don't offer a prize for the most pretentious post of the day. :-)
Also, please note that you are NOT hashing your passwords, and that encrypting them is a bad idea. You need a hash (or digest) of the string.
It's quite apparent that none of the posters in this thread know anything about cryptography.
It's quite apparent that none of the posters in this thread know anything about cryptography.
Hm you're not looking at this cryptographically. If you nest hashing algorithms, you won't gain anything;
Say md5(a) == c, and md5(b) == c. Then say you take otherHash(c) == d.
Therefore,
otherHash(md5(a)) == d == otherHash(md5(b))
What you have to appreciate is, however, there are only a handful of known handful of collisions known, ever. Moreso, the hash of any string less than some high order of magnitude is completely unique. Honestly, I can't stress this enough, that if you hash your passwords with md5 they will be COMPLETELY secure.
Read: http://en.wikipedia.org/wiki/Md5
Say md5(a) == c, and md5(b) == c. Then say you take otherHash(c) == d.
Therefore,
otherHash(md5(a)) == d == otherHash(md5(b))
What you have to appreciate is, however, there are only a handful of known handful of collisions known, ever. Moreso, the hash of any string less than some high order of magnitude is completely unique. Honestly, I can't stress this enough, that if you hash your passwords with md5 they will be COMPLETELY secure.
Read: http://en.wikipedia.org/wiki/Md5
For extra encryption there is a way of encrypting a password twice I believe. (md5'ing it twice)
Thanks.
Much appreciated
Much appreciated
Fair points, I suppose no system can be perfect.
With that said, it shoulnd't be an issue anyway, as long as usernames are kept unique (with good script and database design), two different passwords being hashed the same should't cause many problems - in the same way that two people choosing to use the same password shouldn't cause a system problem.
With that said, it shoulnd't be an issue anyway, as long as usernames are kept unique (with good script and database design), two different passwords being hashed the same should't cause many problems - in the same way that two people choosing to use the same password shouldn't cause a system problem.
cjh wrote:
> MySQL also includes a PASSWORD() function if you're interested.
>
> I'm not to sure how the two compaire, but comments on the PHP manual
> page for md5 suggest it isn't reliable, due to more than one string
> being given the same hash output.
MySQL's PASSWORD is less secure than MD5. The probability of a string collision with MD5 is extremely, extremely low, to the point that MD5 is the standard way of hashing passwords.
> MySQL also includes a PASSWORD() function if you're interested.
>
> I'm not to sure how the two compaire, but comments on the PHP manual
> page for md5 suggest it isn't reliable, due to more than one string
> being given the same hash output.
MySQL's PASSWORD is less secure than MD5. The probability of a string collision with MD5 is extremely, extremely low, to the point that MD5 is the standard way of hashing passwords.
That is true, since it will turn any string into a 32 character hash, but the chances of that are billions and billions to one. The same is true of any one way encryption method that results in a fixed length hash though.
MySQL also includes a PASSWORD() function if you're interested.
I'm not to sure how the two compaire, but comments on the PHP manual page for md5 suggest it isn't reliable, due to more than one string being given the same hash output.
I'm not to sure how the two compaire, but comments on the PHP manual page for md5 suggest it isn't reliable, due to more than one string being given the same hash output.
Encryption is easy. There are a variety of encryption methods used in PHP - one of the most common being the md5() encryption function. Look in the manual on how to use it - very simple.
To get the *** in input fields, just use rather than type="text"
Sessions aren't too tricky in PHP, just try a few examples from the manual and get used to how they work. On a slight aside, can someone explain the difference to me between session cookies (i.e. those that only last the duration of the session) and sessions.
To get the *** in input fields, just use rather than type="text"
Sessions aren't too tricky in PHP, just try a few examples from the manual and get used to how they work. On a slight aside, can someone explain the difference to me between session cookies (i.e. those that only last the duration of the session) and sessions.
Page: