How to give your passwords that extra bit of protection with md5()

The Message Digest Algorithm designed by RSA Data Security, Inc. can help keep your users' passwords safe, even if, for instance, someone manages to obtain the user database with the passwords in it.

This is because any password run through md5 becomes an unrecognisable digest, and the only way to check it against the original password is to turn the password entered at login into its md5 equivalent and compare the two:

if (md5($_POST['passwordEntered']) === $realPasswordMD5) // strict comparison of the two hex digests

So, when does hashing passwords with md5 make sense, and what are its drawbacks? For starters, once a password has been hashed, only its owner knows what it is. Since most people are forgetful, your website will need a password reset facility if you choose to employ md5 for additional security; a simple password reminder sent by e-mail is no longer possible, because the original password cannot be recovered from its digest.

Also bear in mind that you, as the website's admin, will not know the passwords in use either. This means you will need an alternative way to log into a user's account, should the need ever arise, and that is something to plan for in advance.
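The login check described above, written out end to end as an added example (not the article's own code): registration stores only the digest, login compares digests, and a reset replaces the digest because the original password cannot be recovered. The in-memory `$users` array and the helper names are assumptions for illustration.

```php
<?php
// Added example, not from the original article: the md5 login check
// written out against a small in-memory "user database".
// The $users array and the helper names are assumptions for illustration.

// Registration: only the md5 digest of the password is stored, never the password.
function storeUser(array &$users, string $username, string $password): void
{
    $users[$username] = md5($password);
}

// Login: hash what the user typed and compare it with the stored digest.
// hash_equals() does a strict, timing-safe comparison, so the two hex strings
// are never subjected to PHP's loose == conversion of strings to numbers.
function checkLogin(array $users, string $username, string $entered): bool
{
    if (!isset($users[$username])) {
        return false;
    }
    return hash_equals($users[$username], md5($entered));
}

// Password reset: the original password cannot be recovered from its digest,
// so the only option is to replace the digest with that of a new password.
function resetPassword(array &$users, string $username, string $newPassword): void
{
    $users[$username] = md5($newPassword);
}

// Constructed demo data
$users = [];
storeUser($users, 'alice', 'correct horse');

var_dump(checkLogin($users, 'alice', 'correct horse'));
var_dump(checkLogin($users, 'alice', 'wrong guess'));

// The admin sees only the 32-character hex digest, which is why a
// "remind me of my password" e-mail is no longer possible.
echo $users['alice'], PHP_EOL;

resetPassword($users, 'alice', 'new passphrase');
var_dump(checkLogin($users, 'alice', 'correct horse'));
var_dump(checkLogin($users, 'alice', 'new passphrase'));
```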

If, however, you have built a password reset facility, or you have a small enough user base that you maintain the passwords for them yourself, md5 is the way to go!

