Password encryption

Python Forum Leader The Royal RAM
What would be the most secure and safest way to protect a user's password?


At the moment my script is using md5, which is a 32 bit encryption, but I've read that if the encrypted code is found out by someone it can be brute-forced and then the password can be revealed.

Should I for example use more than one encryption method... For example salt or something...

The Royal Ram

Comments

  • kink serious member VPS - Virtual Prince of the Server
    Mmmmmmm, I don't think that for a webmaster forum anyone would go to those lengths, just my opinion. Maybe look around for some stuff on the web.
  • Viper Senior Member The Royal RAM
    I don't see the point that some person would go to those lengths for a webmaster forum!!
  • Python Forum Leader The Royal RAM
    Well, phpBB and vBulletin use MD5 encryption; however, I've been reading a few articles on security, and if someone gains access to the database then they are able to find out the admin's password and virtually take over the entire forum.

    But if it's encrypted twice it is so much harder... almost impossible.

    Or instead of using MD5, a random string of about 16 characters could be created and this could be used to generate the encrypted passwords in conjunction with the actual password.

    I just want it to be as secure as possible...

    The Royal Ram

  • martian2k4 Llama Hunter Moderator
    Well yes, if someone gains access to the DB then they can generate their own MD5 encrypted password and change the admin's, but that ain't really the script's security problem, it's the webmaster's/server's. If someone gained access to the DB they could mess up the forum anyway :p
    Free MySpace Layouts- Coming soon
    Photoshop Tutorials- Coming soon
    Premium PHP Scripts- Coming soon

    Haha, I should really do some work so I can remove all the coming soon's
  • daboss WP V.I.P. ''The Boss'' Administrator
    md5 should be good enough... no one would go that far as to break md5 if your site doesn't contain anything important... e.g. nasa site or the pentagon...
  • Chroder Senior Member The Royal RAM
    MD5 is still good yet. The only way someone would be able to get a password hash is if they have access to your database, and in that case, you have other problems ;)

    If you are still uneasy about MD5 being "broken", then try mixing two different hash algorithms:
    [php]$pass = sha1( md5( $pass ) );[/php]
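
An added example, not part of the original thread or any poster's code: the "random string combined with the password" idea raised above is a per-user salt, and PHP's built-in password_hash() generates one for every password and uses a deliberately slow algorithm. The sketch below also shows how rows that currently hold a bare MD5 digest can be upgraded at the next successful login. The function names make_stored_hash and check_login and the sample passwords are assumptions; it needs PHP 7.1 or later.

```php
<?php
// Added example, not code from the thread.

// Create the value to store for a new or changed password.
// password_hash() picks a fresh random salt on each call and embeds the
// salt, algorithm and cost in the string it returns.
function make_stored_hash(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// Check a login attempt against the stored value.
// Returns [bool $ok, ?string $replacement]; when $replacement is not null
// the caller should write it back to the user's row.
function check_login(string $password, string $stored): array
{
    // Legacy row: a bare 32-character hex MD5 digest.
    if (preg_match('/^[0-9a-f]{32}$/i', $stored) === 1) {
        // hash_equals() compares in constant time.
        if (!hash_equals(strtolower($stored), md5($password))) {
            return [false, null];
        }
        // Correct password: replace the unsalted MD5 with a salted, slow hash.
        return [true, make_stored_hash($password)];
    }

    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    // Re-hash if PHP's default algorithm or cost has changed since storage.
    $replacement = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? make_stored_hash($password)
        : null;
    return [true, $replacement];
}

// Constructed sample data: one legacy MD5 row, upgraded on first login.
$legacy = md5('correct horse');
[$ok, $upgraded] = check_login('correct horse', $legacy);
var_dump($ok);                                          // legacy login result
var_dump(password_verify('correct horse', $upgraded));  // upgraded row check
// Same password hashed again differs, because the salt is random each time.
var_dump($upgraded === make_stored_hash('correct horse'));
[$bad, $none] = check_login('wrong guess', $upgraded);
var_dump($bad);                                         // wrong password result
```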