Home > mailing lists

Re: Password Encryption to replicate MySQL PASSWORD function - Mailing list pgsql-php

From	Joe Conway
Subject	Re: Password Encryption to replicate MySQL PASSWORD function
Date	January 22, 2003 02:16:13
Msg-id	3E2E1AA5.4060205@joeconway.com Whole thread Raw
In response to	Password Encryption to replicate MySQL PASSWORD function ("Luke Woollard" <luke@taborvision.com>)
Responses	Re: Password Encryption to replicate MySQL PASSWORD function ("Luke Woollard" <luke@taborvision.com>)
List	pgsql-php

Tree view

Luke Woollard wrote:
> In mysql I have used the 'PASSWORD('someString')' function to encrypt each
> users password. When authenticating a user for system use, I use the same
> function to compare encrypted password.
>

 From the MySQL manual:
"The PASSWORD() function is used by the authentication system in MySQL Server,
you should *not* use it in your own applications. For that purpose, use MD5()
or SHA1() instead." (emphasis added)

FWIW, the algorithm used in PASSWORD() must be pretty weak, as it appears to
only create an 8-byte (16 hex chars) hash. MD5() (16 bytes/32 hex chars) and
SHA1() (20 bytes/40 hex chars) are available in contrib/pgcrypto.
Alternatively you could use the PHP functions by the same names.

HTH,

Joe

pgsql-php by date:

From: Matthew Horoschun
Date: 22 January 2003, 01:49:25
Subject: Re: Password Encryption to replicate MySQL PASSWORD function

From: "Luke Woollard"
Date: 22 January 2003, 02:20:55
Subject: Re: Password Encryption to replicate MySQL PASSWORD function

Re: Password Encryption to replicate MySQL PASSWORD function - Mailing list pgsql-php

Previous

Next