You are on the right path. For a basic one-way encryption you can take the password, append to it some standard text that is part of your algorithm, append some salt that varies per user, and then take an MD5 hash of that. Store the MD5 hash.
Given a password, if the same procedure yields the signature that you stored, then the passwords matched.
There probably is something more secure than this, but this is enough that your remaining security problems are more likely to be elsewhere - possibly plaintext passwords sent over the wire, people with bad passwords, people reusing passwords, people who can be social engineered...
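
The store-and-verify procedure described in the reply above, as an added example that is not part of the original post. `$APP_TEXT`, the helper names and the sample passwords are constructed for illustration, and `/dev/urandom` is assumed as the random source.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

# Assumption: the "standard text that is part of your algorithm".
# Constructed placeholder value; the same for every user.
my $APP_TEXT = 'example-app-static-text';

# Per-user salt: 16 random bytes, hex-encoded so it stores as text.
# Assumption: a Unix-like system that provides /dev/urandom.
sub new_salt {
    open my $fh, '<:raw', '/dev/urandom'
        or die "cannot open /dev/urandom: $!";
    my $n = read($fh, my $buf, 16);
    close $fh;
    die "short read from /dev/urandom" unless defined $n && $n == 16;
    return unpack 'H*', $buf;
}

# Password, then the static text, then the salt, hashed with MD5.
# Assumption: $password is already a byte string (md5_hex rejects
# strings containing wide characters).
sub hash_password {
    my ($password, $salt) = @_;
    return md5_hex($password . $APP_TEXT . $salt);
}

# Repeat the same procedure on the candidate and compare with the
# stored value. The comparison touches every character so that its
# timing does not depend on where the first mismatch is.
sub verify_password {
    my ($candidate, $salt, $stored) = @_;
    my $computed = hash_password($candidate, $salt);
    return 0 unless length($computed) == length($stored);
    my $diff = 0;
    $diff |= ord(substr($computed, $_, 1)) ^ ord(substr($stored, $_, 1))
        for 0 .. length($computed) - 1;
    return $diff == 0 ? 1 : 0;
}

# Constructed sample record: only the salt and the hash are stored.
my %user = (salt => new_salt());
$user{hash} = hash_password('correct horse', $user{salt});

printf "right password: %d\n",
    verify_password('correct horse', @user{qw(salt hash)});
printf "wrong password: %d\n",
    verify_password('Tr0ub4dor', @user{qw(salt hash)});
```

MD5 is a fast hash, so a stolen table of these values can be guessed against at high speed; a deliberately slow scheme such as bcrypt or PBKDF2 can take the place of `md5_hex` inside `hash_password` without changing the store-and-verify flow.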