Passwords

[Kieran]

Hello all,

Although I'm a fluent php/mysql/css coder, I'm ashamed to say that I don't know the first thing about MD5 and general encryption.

I'm a little confused as to how this works...

When I generate an MD5 hash using PHP, the generated hash is different to that stored in the database? Why is this?

Also, if anybody has time, could they please explain what a 'salt' is...

Thanks,

Kieran

[Nabeel]

Salt is an extra layer of security, what happens is

Password is MD5'd, then that is appended to the salt, and that whole thing is then MD5'd. That way it can't be decoded at all since it's doubly encrypted

[Kieran]

Salt is an extra layer of security, what happens is

Password is MD5'd, then that is appended to the salt, and that whole thing is then MD5'd. That way it can't be decoded at all since it's doubly encrypted

So if, for example, I had a freshly-inputted password stored in $password, I could,

-Get the Salt from the database

-MD5 the inputted password

-Add $password and $salt together (in that order?)

-MD5 that and store it in $encpw

-The value in the 'password' field of the database would equal $encpw

Am I guessing correctly here?

Thanks!

Ps. Well done on the new forums I love them

[Nabeel]

I was wrong, it's the password + salt, md5 both of those together.

http://bugs.phpvms.net/browser/trunk/core/common/Auth.class.php#L274

[Kieran]

Thanks a lot, just what I needed!

Also, what's the name of the function that email's people?

[Nabeel]

I think Util::SendEmail