Encrypting Passwords Without Md5.

2/1/2013 2:12:03 PM
PHPRunner General questions
JCRamos author

In PHPRunner 5.3, users' passwords could be stored encrypted. The encryption method was MD5. This feature exists in MySQL, which could make operations on the database, such as:
Now with PHPRunner 6.2, choosing database-based encryption and using MySQL with the DES_ENCRYPT function, I cannot do the same, because you do not get the same encrypted string as the one produced by the login page generated by PHPRunner.
Example:

In MySQL: select DES_ENCRYPT ('some_pwd', 'my_seed') you get "y/'Ԗ\"

In PHPRunner with the same string and the same seed, you get "FF2417317B3B0C2725"
What am I doing wrong?

Sergey Kornilov admin 2/1/2013

I guess this is the same thing, the result of DES_ENCRYPT is binary and we convert it to hex representation.
Try to run select hex(DES_ENCRYPT ('some_pwd', 'my_seed')) in MySQL console to see what I mean.

JCRamos author 2/2/2013

Thank you very much.

If you accept my suggestion, this conversion with HEX() function should appear in PHPRunner's help.

Moreover, given that the program (for projects made with previous versions) is prepared to handle the old MD5 passwords option, this option should always appear in the Security Page options in PHPRunner, regardless of version. The reason is that I feel MD5 is more secure for storing the users' password data, if only because it is not reversible.

Thank you again.

Sergey Kornilov admin 2/2/2013

This option (MD5 hashing) will appear if you open an older project where password encryption was turned on.
Using the MD5 option in new projects is not a good idea. MD5 is no longer considered a secure way to hash passwords.

More info: http://en.wikipedia.org/wiki/Md5#Security
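
Added example (not part of the thread and not PHPRunner's own code): one way an older project that still holds unsalted MD5 password digests can move them to PHP's built-in `password_hash()` as users log in. The function names and the idea that the stored column holds either a 32-character hex MD5 digest or a `password_hash()` string are assumptions for illustration; it needs PHP 7.1 or later.

```php
<?php
// Hypothetical helpers for illustration; not generated by PHPRunner.
// $stored is the value read from the users table: either a legacy
// 32-character hex MD5 digest or a string produced by password_hash().

function is_legacy_md5(string $stored): bool
{
    return (bool) preg_match('/^[0-9a-f]{32}$/i', $stored);
}

/**
 * Check a login attempt against the stored value.
 * Returns [bool $ok, ?string $newHash]; when $newHash is not null the
 * caller should write it back to the user's row, replacing the old value.
 */
function verify_and_upgrade(string $password, string $stored): array
{
    if (is_legacy_md5($stored)) {
        // Constant-time comparison against the legacy unsalted digest.
        $ok = hash_equals(strtolower($stored), md5($password));
        // On success, replace the MD5 digest with a salted, slow hash.
        return [$ok, $ok ? password_hash($password, PASSWORD_DEFAULT) : null];
    }

    if (!password_verify($password, $stored)) {
        return [false, null];
    }

    // Re-hash when PHP's default algorithm or cost has moved on.
    $newHash = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT)
        : null;

    return [true, $newHash];
}

// Constructed sample data: a legacy row for the password 'some_pwd'.
$legacyRow = md5('some_pwd');

[$ok, $upgraded] = verify_and_upgrade('some_pwd', $legacyRow);
var_dump($ok, is_legacy_md5($upgraded));      // login result, new value format

[$okAgain, $rehash] = verify_and_upgrade('some_pwd', $upgraded);
var_dump($okAgain, $rehash);                  // second login with upgraded row

[$bad, $none] = verify_and_upgrade('wrong_pwd', $legacyRow);
var_dump($bad, $none);                        // failed login leaves row alone
```

Rows belonging to users who never log in again keep their MD5 digest, so a migration like this is usually paired with a forced reset for accounts still in the legacy format after a cutoff date.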