How to encrypt passwords


darkradar

Programmer
Jul 20, 2002
Hi, I am storing my employees' passwords in the Employee table. But anybody who has administrative access can see their passwords. I want to encrypt their passwords so that nobody could see them. Is there any way that I could encrypt their passwords? I tried using the binary datatype for passwords, but again anybody who has administrative access can change the datatype to char to see the passwords.
Any help will be highly appreciated.

Thanks in advance
 
Well, if they are administrators then there is not much you can do, as they could always just change the password so they could get in.

If you have issues with your admin then you should look at that.

But that said, I never store passwords. I store a one-way hash of the password, specifically an MD5 hash.

I've also heard of people storing an MD5 of a userid/password, but I can still see admins getting around this.

For example, I can store someone's password as an MD5, but if an administrator really wants to log in as that user then all they have to do is put the MD5 of a password they know into the database, log into the application, do what they want to do, then put the user's old password back.

If the administrators know how you hash the password there isn't much you can really do but stop the stupid admins... in which case you should question why you employ brain-dead people.

Hope I've been helpful,
Wayne Francis

If you want to get the best response to a question, please check out FAQ222-2244 first
 
Hi

Could you be more elaborate about MD5?
I have never heard of this before.

Thanks in advance
 
MD5 is a one-way hash. Look it up on Google. There are plenty of code examples on how to implement it.

Basically you can take a string of any length and run it through the MD5 function and you'll be given a 30-byte string that is a sort of fingerprint for that source.

If someone changes just 1 byte the MD5 signature changes.

It is often used in conjunction with source code to assure that the source has not been altered.

i.e. I have code and I distribute it to 10 mirror sites so people can download it faster. On the main site I run the code through the MD5 function and provide the MD5 signature for everyone to see.
If they download the code from another site they can run it through md5 (most Linux/Unix systems provide a program for this) and see if the code is unaltered, thus safer.

For passwords it means you can store the MD5 in the database and no one will be able to use that to work back to the original password. The only way to find the original password is to brute force it... i.e. try every combo. It is true that two passwords may have the same MD5 signature, but the chances are remote, as there are
48,873,677,980,689,257,489,322,752,273,775,000,000,000,000,000
different combinations possible.


Hope I've been helpful,
Wayne Francis

If you want to get the best response to a question, please check out FAQ222-2244 first
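An added worked example, not code from the thread or from either poster, covering the pieces Wayne describes in the two replies above: the MD5 digest as a fingerprint that changes when one bit of the input changes, the mirror-site integrity check, and the password scheme of storing an unsalted MD5 and re-hashing on login. Two caveats a practitioner would want are shown in code rather than asserted: MD5 actually yields 16 bytes (32 hex characters), and an unsalted fast hash lets anyone who copies the table guess passwords offline and recognise every user who shares a password, so the hardened form (a per-user random salt and an iterated hash, here PBKDF2-HMAC-SHA256 from the standard library) is placed beside it. The function names, the iteration count and the sample passwords are assumptions made for this example.

```python
import hashlib
import hmac
import os

# 1. MD5 as a fingerprint. Note the digest is 16 bytes = 32 hex characters.
def md5_hex(data: bytes) -> str:
    """Return the MD5 digest of `data` as 32 lowercase hex characters."""
    return hashlib.md5(data).hexdigest()

def fingerprint_demo() -> tuple:
    """Flip one bit of a constructed input and return both digests.
    The two digests share no obvious relationship (avalanche effect)."""
    original = b"The quick brown fox jumps over the lazy dog"
    altered = bytearray(original)
    altered[0] ^= 0x01          # 'T' -> 'U': a single-bit change
    return md5_hex(original), md5_hex(bytes(altered))

# 2. The mirror-site check from the post: compare the digest published on the
#    main site with the digest of the copy fetched from a mirror.
def verify_download(published_md5: str, downloaded: bytes) -> bool:
    return hmac.compare_digest(md5_hex(downloaded), published_md5.lower())

# 3. The password scheme described in the thread: store the unsalted MD5 of the
#    password, re-hash the login attempt and compare.
def store_md5(password: str) -> str:
    return md5_hex(password.encode("utf-8"))

def check_md5(stored: str, attempt: str) -> bool:
    return hmac.compare_digest(stored, store_md5(attempt))

def brute_force_md5(stored: str, candidates) -> "str | None":
    """Offline guessing against an unsalted MD5: one digest per guess, no
    per-user work, and a hit for one user is a hit for everyone with the same
    password. `candidates` is a constructed wordlist for the example."""
    for guess in candidates:
        if store_md5(guess) == stored:
            return guess
    return None

# 4. Hardened form: random per-user salt + iterated hash, stored as "salt$hash".
#    Assumption: 100_000 iterations; tune so one check costs tens of ms.
ITERATIONS = 100_000

def store_pbkdf2(password: str, salt: bytes = None) -> str:
    if salt is None:
        salt = os.urandom(16)   # fresh salt per stored password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{salt.hex()}${dk.hex()}"

def check_pbkdf2(stored: str, attempt: str) -> bool:
    salt_hex, _ = stored.split("$", 1)
    recomputed = store_pbkdf2(attempt, bytes.fromhex(salt_hex))
    return hmac.compare_digest(stored, recomputed)

def same_password_demo(password: str) -> tuple:
    """Two users with the same password: identical rows under unsalted MD5,
    distinct rows under the salted scheme (so one crack does not fan out)."""
    md5_identical = store_md5(password) == store_md5(password)
    pbkdf2_identical = store_pbkdf2(password) == store_pbkdf2(password)
    return md5_identical, pbkdf2_identical

if __name__ == "__main__":
    print("fingerprints:", fingerprint_demo())
    wordlist = ["letmein", "password", "hunter2"]   # constructed sample
    row = store_md5("hunter2")
    print("unsalted MD5 row:", row, "-> guessed:", brute_force_md5(row, wordlist))
    salted = store_pbkdf2("hunter2")
    print("salted row:", salted)
    print("login ok:", check_pbkdf2(salted, "hunter2"),
          "wrong pw:", check_pbkdf2(salted, "hunter3"))
    print("same password gives same row? md5, pbkdf2 =", same_password_demo("hunter2"))
```

`hmac.compare_digest` is used for every comparison so that a mismatch does not leak how many leading characters matched. Running the block shows the point of the caveat: the unsalted MD5 row falls to a three-word list in one pass, while the salted rows for the same password differ from each other and each cost ITERATIONS hash computations per guess.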