Thread: What format should i use to save password?

Originally Posted by micky

Hey fellas!
I need to save user's password in a table.
So whats the best way to save it in?

RR advised me to use MD5, but i searched and found this article which says it can be hacked easily.
Cracking MySQL's MD5() function ... within seconds

Any ideas/advises??

VS.NET 2005

Micky

Hey Micky,
I always used to use md5(), haven't done much new php programming for a while now though so am not up to scratch with what is the best current method...however have you looked at the PHP: md5 - Manual page? There are some threads there talking about greater security...

Also...what are you securing access too? and how likely are people to want to crack it..that is something in my mind you have to weigh up with the time/money spent on securing it...

Just a thought, Let us know if you find something better

Graham.

Originally Posted by micky

thanx RF, i'll have a look

no worries, although just reread your post and you say VS.Net2005...sorry I presumed you were using PHP! Not sure my link will help afterall. Oh I do try!

Originally Posted by micky

lol
well the link might help, irrespective of development platrofm

Guess the logic should be the same.

Micky,

This all shouldn't be taken with a grain of salt...or perhaps, it should

I use SHA-1 with a password salt for extra security. I would look into going that route.

It's a pretty good example, but not complete with information.

I have a working sample at home that I won't mind sharing with you...just gotta give me about 10 hours :P

Originally Posted by jmurrayhead

It's a pretty good example, but not complete with information.

I have a working sample at home that I won't mind sharing with you...just gotta give me about 10 hours :P

10hours...man that is a long drive home