Link to home
Create AccountLog in
Avatar of BR
BRFlag for Türkiye

asked on

Encrypt and decrypt passwords in php

What is the best way to encrypt a password to store in mysql databese? I mean in both ways ( encryption and decryption)?

I read about md5 is not enough since it's easly be decrypted....

What do you suggest i should do to hash passwords and decrypt it?
Avatar of ste5an
ste5an
Flag of Germany image

The best way? The best way is not to store passwords. Store a salted hash instead.
Hashes like MD5 and SHA are one-way functions.  MD5 takes some serious computing power to break it.  SHA takes more.  Where there is no financial reward for 'breaking' the passwords, MD5 is still used because it is good enough.

This page addresses what PHP provides: http://php.net/manual/en/faq.passwords.php  And more info: http://phpsec.org/articles/2005/password-hashing.html
SOLUTION
Avatar of Russ Suter
Russ Suter

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of BR

ASKER

Thank you all,
So i should use salted hash and to store passwords, when i check the passwords i actually check the hash version of the password to compare if it is valid or not?

Right?
ASKER CERTIFIED SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of BR

ASKER

Thank you all